The Pokemon Firm mentioned it detected hacking makes an attempt towards a few of its customers and reset these person account passwords.
Final week, an alert was seen on Pokemon’s official help web site, which mentioned that “following an attempt to compromise our account system, Pokemon proactively locked the accounts of fans who might have been affected.”
As of Tuesday, the alert is gone. A spokesperson for the corporate mentioned there was no breach, only a sequence of hacking makes an attempt towards some customers.
“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” mentioned Daniel Benkwitt, a Pokemon Firm spokesperson.
Pokemon is a wildly fashionable recreation franchise with a whole lot of hundreds of thousands of gamers world wide.
Benkwitt mentioned that solely 0.1% of the accounts focused by the hackers have been truly compromised, and reiterated that the corporate already compelled the impacted customers to reset their passwords, so there isn’t something to do for individuals who haven’t been compelled to reset their passwords.
The outline of the Pokemon account breaches feels like credential stuffing, the place malicious hackers use usernames and passwords stolen from different breaches and reuse them on different websites.
A latest instance of the same incident is what occurred final 12 months to the genetic testing firm 23andMe. In that case, hackers used leaked passwords from different breaches to interrupt into the accounts of round 14,000 accounts. By breaking into these accounts, the hackers have been then capable of entry the delicate genetic knowledge on hundreds of thousands of different 23andMe account holders.
That prompted the corporate (and several other different of its opponents) to roll out obligatory two-factor authentication, a safety characteristic that stops credential stuffing assaults.
For its half, the Pokemon Firm doesn’t permit its customers to allow two-factor on their accounts, when TechCrunch checked.