Japanese game developer Capcom reported that earlier this week the company suffered a security breach that allowed intruders to access its internal systems.
The creator of such well-known video games as Resident Evil and Street Fighter said in a short press release that in the early hours of Monday, some of his networks encountered problems affecting access to email and file servers.
In response, the company switched off some of its systems. However, what should be a great relief for fans of Capcom’s video games is that the attack would not have affected players’ online access to video games and corporate websites.
But can someone who has successfully hacked into the Capcom network gain access to confidential data, such as client information?
The company’s official statement currently states that there is no evidence that customer information has been compromised.
Of course, as safety commentators like to point out, lack of evidence is not proof of absence. If you have ever shared confidential information with Capcom, you should assume that this data is now in the hands of cybercriminals and, as always, be wary of unsolicited email and other attacks that often occur after a data hack.
And while no customer data has been stolen from Capcom’s internal servers and email accounts, other sensitive data may have been stolen – such as a game developer’s intellectual property or details of the company’s plans for future game releases.
There’s some reason to fear a data breach.
Just last month, ZDNet reported that two other video game companies, Ubisoft and Crytek, were apparently involved in a security breach where stolen files were placed on a dark network.
These violations appear to have been perpetrated by a ransom gang called Egregor, whose malware is said to be closely linked to another ransom family called Sekhmet. Malwarebytes researchers have warned that attackers who previously used the Maze ransom program (who recently retired) have switched to Egregor.
However, it is still unclear what exactly may have happened at Ubisoft and Crytek and whether the company’s data was encrypted by a ransom like Egregor’s or simply stolen.
If Capcom has received ransom for Egregor, it may be sent to a Darknet site run by hackers who will demand payment of the cryptographic currency in exchange for the decryption key, and promise that the stolen data will not be publicly lost.
In its press release Capcom expresses its deep regret about the possible inconvenience caused by the burglary and its consequences. The company reports that it has reported the incident to the computer crime authorities and is working on restoring its systems.
We still don’t know how long it’ll take Capcom to get back to normal.
Editor’s note : The opinions expressed in this guest post are those of the author alone and do not necessarily reflect the views of Tripwire, Inc.