Konami follows several other developers and publishers hit by hackers within the last month.
This assumption could be wrong, but someone – or some party -- is having an issue with the gaming industry. Konami is the latest in a string of cyber-attacks against websites owned by game developers and publishers, and reports that it detected 35,252 cases of unauthorized logins to its Konami ID portal site during June 13 and July 7. A total of 3,945,927 login attempts were made during that timeframe.
"Currently, Konami has taken measures to ensure that logins cannot be performed using IDs and passwords involved in these unauthorized logins, and as we contact affected customers individually, we request that customers change their passwords. Konami sincerely apologizes for the trouble this has caused to our valued customers," the company stated (pdf).
Customer information that may have been exposed include name, address, date of birth, telephone number and email address. No changes to customers’ personal information, or unauthorized usage of paid services, have been detected, the company said.
Konami said that the IDs and passwords used in these unauthorized logins appear to have been leaked from an external service provider. Customers who use the same password for both their Konami ID and external services need to change to a new and different password.
Konami wasn't the only gaming company hit on Friday. Developer Bohemia Interactive, the studio behind the popular ARMA series, said that an illegal attempt was made to access a certain portion of its online websites. Hackers managed to download a database containing usernames, email addresses and encrypted passwords. Bohemia said that it's very unlikely anything "nefarious" can be done with the information due to the password encryption.
"As a precaution we are resetting the passwords of all users which means you will be unable to log into any of our websites/forums until your password is changed," the studio said. "To do this, go here, enter your email address and press "Get a new password". Shortly afterwards you will receive an automated email from firstname.lastname@example.org with a link, where you can set a new password of your choosing. In the event that you do not receive the email within 20 minutes, please try searching your spam folder."
"We would like to reassure everyone that no other information such as credit card details is stored by us and thus was not at any risk from this illegal breach," the studio added.
Just days ago, Nintendo confirmed that out of 15 million attempts, there were around 23,000 unauthorized logins that took place at its Club Nintendo Japanese website between June 9 and July 4. The company said that it was possible hackers acquired full names, addresses, phone numbers and physical mail addresses. Old passwords are now invalid, so Japanese Club Nintendo users will be required to make new ones.
Prior to Nintendo, game publisher and Konami rival Ubisoft said that one of its websites was exploited to gain unauthorized access to some of its online systems. The company said it immediately took steps to block the intruders and began restoring the integrity of any systems that may have been compromised. Ubisoft said it was working closely with authorities as well as internal and external security teams.
At the time, Ubisoft indicated that there was no evidence that the intrusion was related to any other game company's previous security incidents. Actually, it looks like Ubisoft was just the beginning.