A ransomware attack launched against gaming company Capcom last November keeps getting worse, threatpost reported this week. The company now says that the personal data of up to 400,000 of its customers was compromised in the attack — 40,000 more than the company originally thought. Capcom is a Japan-based publisher of blockbuster games like Resident Evil, Street Fighter and Dark Stalkers. The breach was first detected on Nov. 2.. On Nov. 19, Capcom said its personal as well as corporate data was compromised. This is the third update from Capcom on the incident.
Commenting on the news, Michael Barragry, operations lead and security consultant at Edgescan, stated:
Lockdowns and less population mobility inevitably lead to higher uptake in online gaming, and in-game purchases may increase the “value” of some user accounts for attackers.
The stolen data belonging to 400,000 users could be used for further attacks such phishing/social engineering/ID impersonation, therefore users are encouraged to change their account credentials and to be extremely cautious when opening on unsolicited emails. Even messages coming from Capcom themselves might be malicious, as attackers sometimes attempt to trick affected users into clicking on a malicious link by pretending to be the vendor informing them of the security breach.
It’s interesting how these attacks often “get worse” over time – the severity of such attacks are not always entirely understood at the beginning.