The Pokémon Company recently addressed a cybersecurity concern involving unauthorized access attempts on some user accounts. In response to these attempts, the company reset the passwords of the affected accounts to protect user information. This action follows the discovery of hacking attempts, as initially communicated through an alert on Pokémon’s official support website. The alert, which has since been removed, indicated that the company proactively locked the accounts of potentially impacted fans to prevent further unauthorized access.
Daniel Benkwitt, a spokesperson for The Pokémon Company, clarified the situation by stating that the account system itself was not compromised. Instead, the security measures were a response to detected attempts to log into some accounts. By resetting the passwords for certain accounts, The Pokémon Company aimed to protect its customers from potential data breaches. This step was taken as a precautionary measure to ensure the security of user data.
The Pokémon franchise enjoys a massive global following, with hundreds of millions of players worldwide. Despite the broad user base, Benkwitt noted that only a small fraction, specifically 0.1% of accounts, were actually compromised in the recent hacking attempts. The company has already forced a password reset for those impacted, suggesting that users who have not been prompted to reset their passwords are not affected by this security incident.
The incident resembles a credential stuffing attack, in which hackers use usernames and passwords stolen in earlier breaches to gain unauthorized access to accounts on other platforms. A similar incident occurred at 23andMe, a genetic testing company, where hackers accessed accounts using passwords leaked from other breaches. Following that incident, 23andMe, among other companies, implemented mandatory two-factor authentication (2FA) to enhance security and prevent such attacks.
However, as of the last update, The Pokémon Company does not allow users to enable two-factor authentication on their accounts, a security feature that could add a layer of protection against credential stuffing and other forms of unauthorized access.
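The following Python example is added here and is not from the article or from The Pokémon Company. It shows how a defender could spot the credential stuffing pattern described above in login records and select the accounts that need a forced password reset; the event format, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, outcome).
# IPs are from documentation ranges; usernames are made up.
SAMPLE_EVENTS = [
    ("203.0.113.7", "ash", "fail"),
    ("203.0.113.7", "misty", "fail"),
    ("203.0.113.7", "brock", "fail"),
    ("203.0.113.7", "gary", "ok"),      # a reused password that worked
    ("203.0.113.7", "dawn", "fail"),
    ("203.0.113.7", "serena", "fail"),
    ("198.51.100.20", "may", "fail"),   # one user mistyping a password
    ("198.51.100.20", "may", "fail"),
    ("198.51.100.20", "may", "ok"),
    ("192.0.2.44", "iris", "ok"),       # shared household address
    ("192.0.2.44", "cilan", "ok"),
]


def find_stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Return source IPs that tried many distinct usernames and mostly failed."""
    users = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, user, outcome in events:
        users[ip].add(user)
        attempts[ip] += 1
        if outcome == "ok":
            successes[ip] += 1
    return {
        ip
        for ip in users
        if len(users[ip]) >= min_users
        and successes[ip] / attempts[ip] <= max_success_ratio
    }


def accounts_to_reset(events, min_users=5, max_success_ratio=0.2):
    """Accounts that a flagged source logged into: candidates for a forced reset."""
    flagged = find_stuffing_sources(events, min_users, max_success_ratio)
    return sorted(
        {user for ip, user, outcome in events if ip in flagged and outcome == "ok"}
    )


if __name__ == "__main__":
    print("suspected sources:", find_stuffing_sources(SAMPLE_EVENTS))
    print("force reset for:", accounts_to_reset(SAMPLE_EVENTS))
```

Attempts spread across many source addresses will not trip a per-IP threshold, so the same counting is usually repeated over other groupings such as network range or client fingerprint.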