DMR News

Advancing Digital Conversations

Pokémon Resets Password for Certain Users Against Hacking Attempts

ByHilary Ong

Mar 23, 2024

Pokémon Resets Password for Certain Users Against Hacking Attempts

The Pokémon Company recently addressed a cybersecurity concern involving unauthorized access attempts on some user accounts. In response to these attempts, the company reset the passwords of the affected accounts to protect user information. This action follows the discovery of hacking attempts, as initially communicated through an alert on Pokémon’s official support website. The alert, which has since been removed, indicated that the company proactively locked the accounts of potentially impacted fans to prevent further unauthorized access.

A screenshot of the alert regarding hacking attempts that The Pokémon Company published on its official support website. (Credits: The Pokémon Company)

Daniel Benkwitt, a spokesperson for The Pokémon Company, clarified the situation by stating that the account system itself was not compromised. Instead, the security measures were a response to detected attempts to log into some accounts. By resetting the passwords for certain accounts, The Pokémon Company aimed to protect its customers from potential data breaches. This step was taken as a precautionary measure to ensure the security of user data.

The Pokémon franchise enjoys a massive global following, with hundreds of millions of players worldwide. Despite the broad user base, Benkwitt noted that only a small fraction, specifically 0.1% of accounts, were actually compromised in the recent hacking attempts. The company has already forced a password reset for those impacted, suggesting that users who have not been prompted to reset their passwords are not affected by this security incident.

This situation bears resemblance to credential stuffing attacks, a type of cyber attack where hackers use previously stolen usernames and passwords to gain unauthorized access to accounts on different platforms. An example of a similar incident occurred with 23andMe, a genetic testing company, where hackers accessed accounts using passwords leaked from other breaches. Following that incident, 23andMe, among other companies, implemented mandatory two-factor authentication (2FA) to enhance security measures and prevent such attacks.

However, as of the last update, The Pokémon Company does not allow users to enable two-factor authentication on their accounts, a security feature that could potentially add an additional layer of protection against credential stuffing and other forms of unauthorized access.


Related News:


Featured image was created with the assistance of DALL·E by ChatGPT

Hilary Ong

Hello, from one tech geek to another. Not your beloved TechCrunch writer, but a writer with an avid interest in the fast-paced tech scenes and all the latest tech mojo. I bring with me a unique take towards tech with a honed applied psychology perspective to make tech news digestible. In other words, I deliver tech news that is easy to read.

Leave a Reply

Your email address will not be published. Required fields are marked *