fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Koei Tecmo Discloses Data Breach After Hacker Leaks Stolen Data

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj

Koei Tecmo Discloses Data Breach After Hacker Leaks Stolen Data

Source: Atelier Ryza screenshot

Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum.

Koei Tecmo is known for its popular PC and console games, including Nioh 2, Hyrule Warriors, Atelier Ryza, Dead or Alive, etc.

On December 20th, a threat actor claimed to have hacked into the koeitecmoeurope.com website on December 18th through a spear-phishing campaign sent to an employee. As part of this attack, a forum database with 65,000 users was stolen, and the actor claims to have planted a web shell on the site for continued access.

“There are FTP credentials on the shell I found and I would be happy to share those with you if you bought the shell as well as multiple twitter secrets for their twitter accounts that they have,” the threat actor stated as part of their sales pitch.

In a post on a hacker forum, the threat actor was attempting to sell a forum database for 0.05 bitcoins, or approximately $1,300, and web shell access for 0.25, or approximately $6,500.

On December 23rd, the same threat actor leaked the database for free on the same hacker forum.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Koei Tecmo database leaked for free
Koei Tecmo database leaked for free

The samples of the database seen by BleepingComputer include forum members’ email addresses, IP addresses, hashed passwords and salts, usernames, date of births, and country.

Koei Tecmo takes websites offline 

After learning of the leaked data, Koei Tecmo took the American (https://www.koeitecmoamerica.com/) and European (koeitecmoeurope.com) websites offline with the following message:

“Due to the possibility of an external cyberattack on this website, it is temporarily closed as we investigate the issue.”

Koei Tecmo America's website was taken offline
Koei Tecmo America’s website was taken offline

Since learning of the attack, Koei Tecmo released a data breach advisory stating that a forum on a UK subsidiary’s website was compromised and the stolen data was leaked online.

“Within the website operated by KTE, the “Forum” page and the registered user information (approximately 65,000 entries) has been determined to the data that may have been breached. The user data that may have been leaked through hacking is perceived to be the (optional) account names and related password (encrypted) and/or registered e-mail address,” Koei Tecmo disclosed in a data breach advisory.

Koei Tecmo states that the breach only affected the forum and not other portions of the site. They also say  that no financial information was stored in this database.

The game company has determined “that the possibility of it being a ransomware attack is low” and that there have been no threats or demands made to the company.

Also Read: Limiting Location Data Exposure: 8 Best Practices

Out of an abundance of caution, Koei Tecmo has cut off the UK subsidiary KTE from its internal network while investigating the attack.

Koei Tecmo is not the first game developer hit with a cyberattack this year.

Earlier this year, Crytek and Ubisoft were hit by the Egregor ransomware operation, and Capcom suffered a Ragnar Locker ransomware attack, where 1 TB of data was stolen.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us