Koei Tecmo discloses data breach after hacker leaks stolen data


Japanese game developer Koei Tecmo reported a data breach and took its European and American sites offline after stolen data was posted to a hacker forum.

Koei Tecmo is known for its popular PC and console games, including Nioh 2, Hyrule Warriors, Atelier Ryza, and Dead or Alive.

On December 20, a threat actor claimed to have hacked the website koeitecmoeurope.com on December 18 through a spear-phishing campaign sent to an employee. As part of this attack, a forum database of 65,000 users was stolen, and the actor claims to have planted a web shell on the site for continuous access.

“There are FTP credentials in the shell that I found and I would be happy to share them with you if you bought the shell, as well as several Twitter secrets for their Twitter accounts that they have,” said the threat actor as part of his sales pitch.

In a post on a hacker forum, the threat actor tried to sell the forum database for 0.05 bitcoins, or approximately $1,300, and access to the web shell for 0.25 bitcoins, or approximately $6,500.

On December 23, the same threat actor leaked the database for free on the same hacker forum.

Koei Tecmo database leaked for free

Samples of the database seen by BleepingComputer include forum members' email addresses, IP addresses, hashed passwords and salts, usernames, dates of birth, and countries.

Koei Tecmo takes sites offline

After learning about the leaked data, Koei Tecmo took its American (https://www.koeitecmoamerica.com/) and European (koeitecmoeurope.com) websites offline and replaced them with the following message:

“Due to the possibility of an external cyber attack on this site, it is temporarily closed while we investigate the problem.”

Koei Tecmo America's website has been taken down

Since learning about the attack, Koei Tecmo has released a data breach statement stating that a forum on a UK subsidiary’s website has been compromised and the stolen data has been leaked online.

“Within the website operated by KTE, the ‘Forum’ page and the registered user’s information (approximately 65,000 entries) have been determined for data that may have been breached. User data that may have been leaked through hacking is considered to be (optional) account names and related (encrypted) password and/or registered email address,” Koei Tecmo revealed in a data breach statement.

Koei Tecmo claims that the breach affected only the forum and not other parts of the site. They also claim that no financial information was stored in this database.

The gaming company determined “that the possibility of a ransomware attack is low” and that there were no threats or demands made to the company.

As a precaution, Koei Tecmo disconnected British subsidiary KTE from its internal network while investigating the attack.

Koei Tecmo is not the first game developer hit by a cyber attack this year.

Earlier this year, Crytek and Ubisoft were hit by the Egregor ransomware operation, and Capcom suffered a Ragnar Locker ransomware attack, where 1 TB of data was stolen.
