Japanese game developer Capcom revealed a security breach earlier this week that led to malicious hackers entering its internal systems.
The manufacturer of popular video games such as “Resident Evil” and “Street Fighter” revealed in a short press release that in the early hours of Monday “some of its networks had problems” that affected access to email and file servers.
In response, the company shut down some of its systems. However, in what should be a huge relief to Capcom video game fans, it was said that the attack did not affect players’ online access to video games and the company’s websites.
But can someone who breaks into the Capcom network access any sensitive data, such as customer details?
For now, the company’s official statement says that “at the moment there is no indication that any of the customer information has been violated”.
Of course, as the security commentators like to point out, the absence of evidence is not evidence of an absence. If you have ever shared sensitive information with Capcom, it might be wise to assume that these details may now be in the hands of cybercriminals, and – as always – be careful about unwanted emails and other attacks that often occur after a breach. data.
Even if customer information is not stolen from Capcom’s internal servers and email accounts, other sensitive data may be stolen – such as intellectual property from the video game developer, or details of the company’s plans for future video game releases.
There is reason to be concerned that a data breach may occur.
Just last month, ZDNet I reported that two other video game companies, Ubisoft and Crytek, had apparently suffered from a security breach that saw stolen files being posted on the dark web.
These breaches appear to have been the work of a ransomware gang calling itself Egregor, whose malware is said to be closely related to another family of ransomware known as Sekhmet. Researchers at Malwarebytes have warned that cybercriminals previously using Maze ransomware (who recently retired from active service) have switched to Egregor.
However, at the moment, it’s not clear what exactly happened in Ubisoft and Crytek, and whether company data was encrypted by ransomware like Egregor or was just stolen.
If Capcom gets infected with Egregor ransomware, they’ll likely be directed to a darknet website run by hackers, demanding cryptocurrency payment for the decryption key and a promise not to publicly leak the stolen data.
In its press release, Capcom expresses “deep regret for any inconvenience” that may have been caused by the hack and its consequences. The company says it has reported the incident to computer crime authorities, and is working to restore their systems.
At the moment, it is not clear how long it will take Capcom to return to normal operations.
Editor’s note: The opinions expressed in the guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.