The Pokémon Company has taken decisive action to safeguard its users by resetting passwords after detecting unauthorized hacking attempts.
This move underscores the ongoing battle between digital platforms and cybercriminals, highlighting the importance of robust security measures in protecting user data.
Hacking Attempts Thwarted
An official alert from The Pokémon Company was posted on its support website last week, warning users of an attempt to compromise the account system.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
The alert, which has since been removed, reassured users that the accounts were locked as a precautionary measure to prevent any potential breach.
Daniel Benkwitt, a spokesperson for The Pokémon Company, clarified that the account system was not actually breached.
Instead, the company detected and intercepted attempts to log into user accounts.
In response, The Pokémon Company reset passwords for specific accounts, which triggered the alert message.
According to TechCrunch’s report, Pokémon has reset the passwords of certain users following attempted hacking incidents.
Impact on Users
The Pokémon franchise enjoys a massive global following, with hundreds of millions of players.
Despite the scale of the hacking attempts, Benkwitt revealed that only a tiny fraction, specifically 0.1%, of user accounts were compromised.
The company has already mandated password resets for the affected accounts, ensuring no further action is required from users who have not received a password reset prompt.
Comparison with Other Incidents
The nature of the hacking attempts on Pokémon accounts resembles a technique known as credential stuffing.
This method involves cybercriminals using previously stolen username and password combinations from other data breaches to gain unauthorized access to accounts on different platforms.
A notable incident occurred last year with the genetic testing company 23andMe, where hackers exploited leaked passwords to infiltrate approximately 14,000 accounts.
This breach allowed 23andMe and its competitors to access the sensitive genetic information of millions of users.
As a result, 23andMe and its competitors implemented mandatory two-factor authentication (2FA) to combat such attacks.
The Pokémon Company’s swift action to reset passwords following hacking attempts is a testament to its commitment to user security.
However, the incident also serves as a reminder of the ever-present threat of cyberattacks and the need for continuous improvement in security practices, including adopting two-factor authentication.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.