Back in November 2020, Capcom – the legendary Japanese developer and publisher behind beloved series like Mega Man, Street Fighter and Resident Evil – announced that they suffered from a ransomware hack on the company’s internal networks. Initially, the company could not confirm an exact number of users who had their data compromised as a result of the attack. However, though there was a chance, it said, that some 350,000 people may have had their information compromised.
According to a press release by Capcom, it turns out that the situation may have been a lot worse than expected. It’s suspected that 390,000 people may have been affected – that’s a difference of 40,000.
Michael Barragry, Operations Lead and Security Consultant at edgescan, said:
“Lockdowns and less population mobility inevitably lead to higher uptake in online gaming, and in-game purchases may increase the “value” of some user accounts for attackers.
The stolen data belonging to 400,000 users could be used for further attacks such phishing/social engineering/ID impersonation, therefore users are encouraged to change their account credentials and to be extremely cautious when opening on unsolicited emails. Even messages coming from Capcom themselves might be malicious, as attackers sometimes attempt to trick affected users into clicking on a malicious link by pretending to be the vendor informing them of the security breach.
It’s interesting how these attacks often “get worse” over time – the severity of such attacks are not always entirely understood at the beginning.”
The company has apologized and reassures everyone that things have recovered are back to normal. They will also be looking into legal action as a result.