Konami, the Japanese games developer responsible for such genre defining classics as Metal Gear Solid and Silent Hill, has confirmed that tens of thousands of customer accounts have been put at risk due to a breach of the Konami ID portal site. During a period between the 13th June and 7th July, hackers made numerous unauthorised logins. Indeed, during this period it has been suggested that as many as 4 million account hacking attempts were executed. Konami warns that a total of 35,252 customer accounts were hijacked with the attackers having access to personal data including dates of birth, telephone numbers and street addresses as well as passwords of course.

The logins seem to have been made using "IDs and passwords that appear to have been leaked from an external service provider" according to an official Konami statement. Konami went on to apologise "for the trouble this has caused to our valued customers". However, the company was at pains to point out that "no changes to customers' personal information, or unauthorized usage of paid services, have been detected" before suggesting that those customers who use the same passwords for different services should "change to a new and different password". Individual Konami customers whose account details were exposed have been notified by email, and all 35,252 logins have been suspended.


The Konami hack is just the latest in a worrying trend that has seen gamer sites targeted by hackers. Only last week Nintendo was warning users that the Japanese 'Club Nintendo' website had seen a staggering 15.46 million unauthorised login attempts during a similar period, although on this occasion 'only' 23,926 were successful.

Barry Shteiman, a senior strategist at security specialist Imperva, told DaniWeb that gaming companies become a compelling target for attackers "when games are using a merchant platform and allow transactions between users or vendors" as the bottom line from the criminal radar perspective is that "these systems transact money". Not only does stealing an account mean that there is the potential to convert digital cash into real money, but such compromised accounts can be used to launder stolen money as well. “Although this hack at Konami may have had a limited success in stealing credentials, personal information did leak" Shteiman continues "this kind of information can be used for identity theft, or for a phishing campaign, which is the most common account-takeover method in online gaming nowadays - convincing a kid to 'get more gold if you click here' is like taking virtual-candy from a child."


About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...