1

Konami, the Japanese games developer responsible for such genre defining classics as Metal Gear Solid and Silent Hill, has confirmed that tens of thousands of customer accounts have been put at risk due to a breach of the Konami ID portal site. During a period between the 13th June and 7th July, hackers made numerous unauthorised logins. Indeed, during this period it has been suggested that as many as 4 million account hacking attempts were executed. Konami warns that a total of 35,252 customer accounts were hijacked with the attackers having access to personal data including dates of birth, telephone numbers and street addresses as well as passwords of course.

The logins seem to have been made using "IDs and passwords that appear to have been leaked from an external service provider" according to an official Konami statement. Konami went on to apologise "for the trouble this has caused to our valued customers". However, the company was at pains to point out that "no changes to customers' personal information, or unauthorized usage of paid services, have been detected" before suggesting that those customers who use the same passwords for different services should "change to a new and different password". Individual Konami customers whose account details were exposed have been notified by email, and all 35,252 logins have been suspended.

a02a4a621bcee1a971fbecb95e9ba608

The Konami hack is just the latest in a worrying trend that has seen gamer sites targeted by hackers. Only last week Nintendo was warning users that the Japanese 'Club Nintendo' website had seen a staggering 15.46 million unauthorised login attempts during a similar period, although on this occasion 'only' 23,926 were successful.

Barry Shteiman, a senior strategist at security specialist Imperva, told DaniWeb that gaming companies become a compelling target for attackers "when games are using a merchant platform and allow transactions between users or vendors" as the bottom line from the criminal radar perspective is that "these systems transact money". Not only does stealing an account mean that there is the potential to convert digital cash into real money, but such compromised accounts can be used to launder stolen money as well. “Although this hack at Konami may have had a limited success in stealing credentials, personal information did leak" Shteiman continues "this kind of information can be used for identity theft, or for a phishing campaign, which is the most common account-takeover method in online gaming nowadays - convincing a kid to 'get more gold if you click here' is like taking virtual-candy from a child."

644d46b15948f861bbc26a2c5bc67ba1

Edited by happygeek: unstuck

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
38
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.