Hacking will always be a threat for as long as the internet exists. No matter how much progress is made with security software, there will always be a hacker somewhere trying to find a way through it. Every time security software becomes more sophisticated, so do the hackers. It’s a constant game of cat and mouse, with ordinary people and their personal data caught in the middle of it. We all know how important it is to make sensible decisions online and take the right precautions with our data. Even that sometimes isn’t enough. No matter how well protected the data on your computer is, your information can still be compromised if you’ve shared it with another entity and trusted them to take care of it for you. That’s been proven by what’s just happened to Capcom.
In case you’ve missed it in the news this week, Capcom – one of the world’s biggest computer game development companies – has confirmed that it’s been attacked by hackers. Because of that hack, the data of more than three hundred thousand people may have been compromised. Aside from being a public relations disaster for the business, it’s also likely to cause Capcom financial damage. This was a ransomware attack, locking up several of the company’s computers. Capcom believes that some of its financial information might already have been stolen.
Although the attack wasn’t reported until November 16th, Capcom has confirmed that it took place on November 2nd. In a report, the company stated that their servers had been directly attacked, with vital data scrambled. That data is now impossible to either amend or view, and some data has been lost completely. Because the data has been lost, Capcom cannot yet confirm specifically whether any customer information has been accessed. If it has, it might be bad news for anyone who owns Capcom games and plays them online. That would include anyone who plays recent versions of “Monster Hunter,” “Resident Evil,” and the company’s hugely popular “Street Fighter” series.
At this early stage of reporting, it’s not known specifically which versions of which Capcom games might have been targeted. The fifth “Street Fighter” game is the most recent in the series and would therefore be the most likely to be targeted as it will have the most users. Tertiary products, such as the “Street Fighter” branded range of playtech slots at websites, won’t have been harmed. Even though they’re Capcom-approved and carry the “Street Fighter” name, the online slots are maintained and run by the websites upon which they appear. There will only be a risk to data if hackers managed to obtain access information to any of those online slots websites, which can’t have happened as the connection between Capcom and the companies that operate the online slots isn’t strong enough. Only data attached to centralized Capcom products is likely to have been placed at risk.
While Capcom isn’t publishing any more information about the hack as of the time of writing, the company responsible for it is. A group of hackers known as “Ragnor Locker” claims to have carried out the attack and posted a worrying message on its darknet home page over the weekend. In the message, the company says that Capcom was given a deadline to pay the necessary ransom fee to receive an encryption key for the scrambled data but failed to do so. Ragnor Locker has now suggested that it might start leaking sensitive data online soon. Thus far, there’s no sign that they’ve started doing that, and so they might be bluffing. It’s important to remember that Capcom only considers it to be “possible” that customer data has been accessed and can’t explicitly confirm whether Ragnar Locker managed to get its hands on anything useful or not.
The issue with being unable to confirm specifics appears to relate to the company’s digital logs. All Capcom has confirmed for sure thus far is that nine of its own employees have had their personal information accessed. As log files have been deleted or scrambled, there’s no way of knowing what other systems or files might have been opened or copied. Depending on what’s been accessed, anything from fragmented data – such as lists of customer email addresses – to complete data, such as names, addresses, dates of birth, and other identifying information – might be at risk. Initial investigations have suggested that some data from Japanese customer support records might have been targeted, with the official American Capcom e-store a secondary target. It’s unlikely that data from one of those places would marry up with data from the other, so the hackers might have incomplete data. If so, it would be practically useless. One thing that Capcom can say with certainty is that no payment information or credit card details have been compromised, as the company’s preferred third-party affiliate handles all of that information.
This news is an unwelcome distraction for Capcom during a time when it would much rather be talking about the new games it intends to bring to the market for the new generation of video game consoles. A brand-new thirty-second trailer for “Resident Evil: Village” was released a few days ago and would typically be the talk of the video gaming world, but because of the news about the hack, it’s gone almost unnoticed. Capcom will be hoping to put the whole issue to bed as soon as possible so they can get back to promoting new games and talking about success stories. To do that, it’s likely that they’ll need to be able to provide absolute confirmation about whether customer details have been accessed or not. It’s not clear when they’ll be able to give that confirmation.
In the meantime, Capcom insists that the attack is over and that all of its games are safe to play online without fear of data being intercepted or compromised. The company has also confirmed that its websites are secure and that customers should have no reservations about using them either. This has been an unfortunate incident for Capcom, but it’s another reminder that no company – even one of the biggest gaming companies in the world – is safe from the threat of cybercrime.