Japanese video game producer Konami – famous for titles such as Pro Evolution Soccer and Metal Gear Solid – has advised customers to change their passwords immediately, after hackers made almost four million attempts to break into users’ accounts in a period of less than one month.
Konami says the attack against its ID Portal site happened between Thursday, June 13th and Sunday, July 7th 2013, and resulted in 35,252 unauthorised logins.
There is no suggestion that payment information has been compromised, but Konami says that customers’ personal information, such as name, address, email address, date of birth and telephone number – may have been exposed by the unauthorised logins.
Konami says it detected the suspicious behaviour on July 8th. One has to wonder if they decided to take a look at what was happening on their customer portal after the widely-reported month-long hack against fellow Japanese video game makers Nintendo.
The timing of the two brute-force attacks against users’ login accounts can hardly be a coincidence.
Even though Konami says that it has taken steps to ensure that the IDs and passwords used in the unauthorised logins can no longer be used to access the site, users still need to ensure they are following best practices for password security.
In short, it’s very important that internet users don’t use the same passwords on multiple websites. If you *do* use the same password in multiple places you only need to have one of your accounts hacked in one place, or for a website to be careless with its security, for everything to start unravelling.
Konami has provided links in its English-language advisory [PDF] offering users advice about how to reset passwords, and details of the Konami one-time-password service.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.