The Pokémon Company announced that it detected a hacking attempt against some users and reset the passwords for those user accounts.
Last week, a warning appeared on Pokémon's official support website, saying, “Following an attempt to compromise our account systems, Pokémon has proactively locked the accounts of potentially affected fans.” The content was
A warning about a hacking attempt posted by The Pokémon Company on its official support website.
As of Tuesday, the warning has been lifted. A company spokesperson said there was no breach, just a series of hacking attempts against some users.
“The account system was not compromised. What we experienced and caught were login attempts to several accounts. For your protection, we have removed some of the passwords that led to the message. ,” said Pokemon spokesperson Daniel Benkwit.
Pokemon is a hugely popular game series with hundreds of millions of players around the world.
Benkwit said only 0.1% of accounts targeted by hackers were actually compromised, and the company has already forced affected users to reset their passwords. It reiterated that users who are not forced to do so have nothing to do. password.
The description of the Pokemon account breach sounds like credential stuffing, where malicious hackers use usernames and passwords stolen from other breaches and reuse them on other sites.
A recent example of a similar incident was last year at genetic testing company 23andMe. In this case, hackers used passwords leaked from other breaches to break into approximately 14,000 accounts. By breaking into these accounts, hackers were able to access the sensitive genetic data of millions of other 23andMe account holders.
This led the company (and several other competitors) to introduce mandatory two-factor authentication, a security feature that prevents credential stuffing attacks.
TechCrunch found that the Pokémon Company does not allow users to enable two-factor on their accounts.