Konami says the attack against its ID Portal site happened between Thursday, June 13th and Sunday, July 7th 2013, and resulted in 35,252 unauthorised logins.
There is no suggestion that payment information has been compromised, but Konami says that customers’ personal information, such as name, address, email address, date of birth and telephone number – may have been exposed by the unauthorised logins.
Konami says it detected the suspicious behaviour on July 8th. One has to wonder if they decided to take a look at what was happening on their customer portal after the widely-reported month-long hack against fellow Japanese video game makers Nintendo.
The timing of the two brute-force attacks against users’ login accounts can hardly be a coincidence.
Even though Konami says that it has taken steps to ensure that the IDs and passwords used in the unauthorised logins can no longer be used to access the site, users still need to ensure they are following best practices for password security.
In short, it’s very important that internet users don’t use the same passwords on multiple websites. If you *do* use the same password in multiple places you only need to have one of your accounts hacked in one place, or for a website to be careless with its security, for everything to start unravelling.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.