Konami accounts suffer brute-force hack, video game players told to change their passwords

Graham Cluley

pes-2013-170Japanese video game producer Konami – famous for titles such as Pro Evolution Soccer and Metal Gear Solid – has advised customers to change their passwords immediately, after hackers made almost four million attempts to break into users’ accounts in a period of less than one month.

Konami says the attack against its ID Portal site happened between Thursday, June 13th and Sunday, July 7th 2013, and resulted in 35,252 unauthorised logins.

There is no suggestion that payment information has been compromised, but Konami says that customers’ personal information, such as name, address, email address, date of birth and telephone number – may have been exposed by the unauthorised logins.

Konami says it detected the suspicious behaviour on July 8th. One has to wonder if they decided to take a look at what was happening on their customer portal after the widely-reported month-long hack against fellow Japanese video game makers Nintendo.

The timing of the two brute-force attacks against users’ login accounts can hardly be a coincidence.

Konami customer notice

Even though Konami says that it has taken steps to ensure that the IDs and passwords used in the unauthorised logins can no longer be used to access the site, users still need to ensure they are following best practices for password security.

In short, it’s very important that internet users don’t use the same passwords on multiple websites. If you *do* use the same password in multiple places you only need to have one of your accounts hacked in one place, or for a website to be careless with its security, for everything to start unravelling.

Konami has provided links in its English-language advisory [PDF] offering users advice about how to reset passwords, and details of the Konami one-time-password service.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES