Konami, the Japanese games developer responsible for such genre-defining classics as Metal Gear Solid and Silent Hill, has confirmed that tens of thousands of customer accounts have been put at risk due to a breach of the Konami ID portal site. Between the 13th June and 7th July, hackers made numerous unauthorised logins; it has been suggested that as many as 4 million account hacking attempts were executed during this period. Konami warns that a total of 35,252 customer accounts were hijacked, with the attackers having access to personal data including dates of birth, telephone numbers and street addresses as well as, of course, passwords.
The logins seem to have been made using "IDs and passwords that appear to have been leaked from an external service provider", according to an official Konami statement. Konami went on to apologise "for the trouble this has caused to our valued customers". However, the company was at pains to point out that "no changes to customers' personal information, or unauthorized usage of paid services, have been detected" before suggesting that those customers who use the same passwords for different services should "change to a new and different password". Individual Konami customers whose account details were exposed have been notified by email, and all 35,252 logins have been suspended.
The Konami hack is just the latest in a worrying trend that has seen gamer sites targeted by hackers. Only last week Nintendo was warning users that the Japanese 'Club Nintendo' website had seen a staggering 15.46 million unauthorised login attempts during a similar period, although on this occasion 'only' 23,926 were successful.
Barry Shteiman, a senior strategist at security specialist Imperva, told DaniWeb that gaming companies become a compelling target for attackers "when games are using a merchant platform and allow transactions between users or vendors", because the bottom line, from the criminal's perspective, is that "these systems transact money". Not only does stealing an account mean that there is the potential to convert digital cash into real money, but such compromised accounts can be used to launder stolen money as well. "Although this hack at Konami may have had a limited success in stealing credentials, personal information did leak," Shteiman continues, "this kind of information can be used for identity theft, or for a phishing campaign, which is the most common account-takeover method in online gaming nowadays - convincing a kid to 'get more gold if you click here' is like taking virtual-candy from a child."