The Pokemon Firm stated it detected hacking makes an attempt in opposition to a few of its customers and reset these person account passwords.
Final week, an alert was seen on Pokemon’s official help web site, which stated that “following an try and compromise our account system, Pokemon proactively locked the accounts of followers who may need been affected.”
As of Tuesday, the alert is gone. A spokesperson for the corporate stated there was no breach, only a collection of hacking makes an attempt in opposition to some customers.
“The account system was not compromised. What we did expertise and catch was an try and log in to some accounts. To guard our prospects we’ve got reset some passwords which prompted the message,” stated Daniel Benkwitt, a Pokemon Firm spokesperson.
Pokemon is a wildly fashionable recreation franchise with tons of of hundreds of thousands of gamers world wide.
Benkwitt stated that solely 0.1% of the accounts focused by the hackers had been really compromised, and reiterated that the corporate already pressured the impacted customers to reset their passwords, so there isn’t something to do for individuals who haven’t been pressured to reset their passwords.
The outline of the Pokemon account breaches seems like credential stuffing, the place malicious hackers use usernames and passwords stolen from different breaches and reuse them on different websites.
A latest instance of the same incident is what occurred final 12 months to the genetic testing firm 23andMe. In that case, hackers used leaked passwords from different breaches to interrupt into the accounts of round 14,000 accounts. By breaking into these accounts, the hackers had been then capable of entry the delicate genetic knowledge on hundreds of thousands of different 23andMe account holders.
That prompted the corporate (and a number of other different of its rivals) to roll out necessary two-factor authentication, a safety characteristic that forestalls credential stuffing assaults.
For its half, the Pokemon Firm doesn’t enable its customers to allow two-factor on their accounts, when TechCrunch checked.