Japanese publisher Koei Tecmo was hit by a cyber attack over Christmas, so it has temporarily shut down its American and European websites.
Earlier this year, Capcom suffered a data breach, with hackers stealing a large amount of personal information from the company.
Now it’s been reported that Koei Tecmo, the studio responsible for the Dynasty Warriors games and Hyrule Warriors: Age Of Calamity, which it collaborated with Nintendo on, has been hit with a similar cyber attack.
Koei Tecmo reports that personal information for approximately 65,000 users on its American and European websites have been hacked, prompting the company to shut both sites and their forum pages down.
‘Koei Tecmo apologies for the concern and inconvenience this may be causing to its customers and business partners,’ it writes.
‘For individuals who have had their e-mail addresses leaked, Koei Tecmo is determined to take the appropriate measures and act in good faith hereafter.’
According to BleepingComputer, the hacker claiming to be responsible for the attack has since leaked the database for free on a hacker forum, which includes email addresses, IP addresses, and passwords.
The leaked information appears to be restricted to user information, unlike the Capcom hack, which saw the personal information of Capcom employees, sales data, and even unannounced projects be leaked online.
BleepingComputer adds that it has been contacted by the hacker, who says that they leaked the data as a means of punishing Koei Tecmo for not following General Data Protection Regulation guidelines.
‘I released it after they removed the web shell but had not let users know or had made GDPR aware within guidelines.
‘… while I may not be the most ethical person, I care a lot when it comes to user security and privacy and if companies refuse to use simple encryption techniques to stop user data from the fallout of a cyber attack, I will keep attacking them. If they do not adhere to guidelines set by the people, they will face fallout.
‘They could spend just a few extra shekels to encrypt user information to ten rounds of bcrypt and when, not if there is a cyber attack, users will be protected to an extent, but they refused to do that over costs of processing power and instead chose to use a weak salted MD5 hashing algorithm from 1992. They refused to update their systems to divert a cyber attack, and that was their responsibility with 65,000 user records.’
Email [email protected], leave a comment below, and follow us on Twitter.
Source: Read Full Article