Over 35,000 Konami accounts feared compromised in brute-force hack

More than 35,000 accounts of Japan-based gaming company Konami were feared compromised following a brute-force attack by hackers since June 13, the firm said this week.

 

In a statement, Konami Digital Entertainment Co. Ltd. said it recorded 35,252 unauthorized logins to the KONAMI ID portal, prompting it to take strict security measures.

 

"Currently, Konami has taken measures to ensure that logins cannot be performed using IDs and passwords involved in these unauthorized logins, and as we contact affected customers individually, we request that customers change their passwords," it said in its July 9 statement.

 

Konami also said it "sincerely apologizes" for the trouble this has caused its customers.

 

Citing its initial findings, Konami said it detected "a large number of access errors" July 8, and started a survey.

 

The survey found 35,252 unauthorized logins between June 13 and July 7, and 3,945,927 unauthorized login attempts.

 

It said the customer information that may have been exposed included name, address, date of birth, telephone number, and email address.

 

"No changes to customers’ personal information, or unauthorized usage of paid services, have been detected," it said.

 

For now, Konami said it has taken measures to ensure that IDs and passwords involved in the unauthorized logins can

no longer be used to log in.

 

"The IDs and passwords used in these unauthorized logins appear to have been leaked from an external service

provider. We request that those customers who use the same password for both their KONAMI ID and external services change to a new and different password," it added.

 

Timing no coincidence?

 

Security researcher Graham Cluley said the timing of the brute-force attacks on users’ login accounts of Konami and similar recent attacks on fellow video game maker Nintendo "can hardly be a coincidence."

 

"One has to wonder if they decided to take a look at what was happening on their customer portal after the widely-reported month-long hack against fellow Japanese video game makers Nintendo. The timing of the two brute-force attacks against users’ login accounts can hardly be a coincidence," Cluley said. — TJD, GMA News