[BreachExchange] Data Breach at ‘Resident Evil’ Gaming Company Widens

Destry Winant destry at riskbasedsecurity.com
Wed Jan 13 09:04:45 EST 2021


https://threatpost.com/data-breach-resident-evil-gaming/162977/

Capcom, the game developer behind Resident Evil, Street Fighter and
Dark Stalkers, now says its recent attack compromised the personal
data of up to 400,000 gamers.

A ransomware attack launched against gaming company Capcom last
November keeps getting worse. The company now says that the personal
data of up to 400,000 of its customers was compromised in the attack —
40,000 more than the company originally thought.

Capcom is a Japan-based publisher of blockbuster games like Resident
Evil, Street Fighter and Dark Stalkers. The breach was first detected
on Nov. 2. On Nov. 19, Capcom said its personal as well as corporate
data was compromised. This is the third update from Capcom on the
incident.

“As an update to its ongoing investigation, the company has verified
that the personal information of an additional 16,406 people has been
compromised, making the cumulative number since this investigation
began 16,415 people,” the latest update dated Jan. 12 said. “Further,
the company has also ascertained that the potential maximum number of
customers, business partners and other external parties etc., whose
personal information may have been compromised in the attack is
approximately 390,000 people (an increase of approximately 40,000
people from the previous report).”

The announcement added an investigation is ongoing and that new
evidence of additional compromise could still come.

“Capcom offers its sincerest apologies for any complications and
concerns that this may bring to its potentially impacted customers as
well as to its many stakeholders,” the statement said.

Ragnar Locker

The Ragnar Locker ransomware group is the most likely culprit. The
ransom note, accessed by Bleeping Computer at the time the incident
was first revealed, said the Ragnar Locker group claimed
responsibility and said they had downloaded more than 1TB of corporate
data, including banking details, contracts, proprietary data, emails
and more.

Gaming is increasingly becoming a target for all types of
cyberattacks. Over the past several months, along with Capcom, popular
games like Among Us, Minecraft, Roblox and Animal Jam all reported
breaches or hacks, while publishers like Ubisoft have also found
themselves in the crosshairs. And in October, the REvil ransomware
gang threatened a “big hit” on gaming.

Leading gaming companies are attractive to cybercriminals that aim to
turn a profit by selling leaked insider-credentials. Recently, more
than 500,000 stolen credentials tied to the top 25 gaming firms were
found on caches of breached data online and up for sale at criminal
marketplaces, according to researchers at Kela.

Boris Cipot, senior sales engineer with Synopsys, said that player
accounts often link to payment details, making them attractive to
criminals.

Gaming a Target

“The gaming industry is a common target for attacks, be it data theft
or ransomware attacks,” Cipot said. “An interesting observation within
the gaming industry is that player accounts are often high-value
assets due to in-app purchases, or rewards from leveling up. In other
words, gaming accounts are often seen as items for sale — at least
accounts owned by adults spending money.”

The good news for Capcom customers is that the company doesn’t think
any customer credit-card data was exfiltrated during the breach. The
company goes on to reassure players it’s currently safe to play and
purchase the company’s games online.

“None of the at-risk data contains credit card information,” the
update said. “All online transactions etc. are handled by a
third-party service provider, and as such Capcom does not maintain any
such information internally,” Capcom advised. “Additionally, the areas
that were impacted in this attack are unrelated to those systems used
when connecting to the internet to play or purchase the company’s
games online, which have continued to utilize either an external
third-party server or an external server.”

For those Capcom customers who have been impacted, the company is
reaching out to discuss next steps. The company said it’s continuing
efforts to investigate the matter with law enforcement and IT security
specialists, adding its systems have largely recovered and the company
will provide any additional updates.

“Capcom would once again like to reiterate its deepest apologies for
any complications or concerns caused by this incident,” the statement
said. “As a company that handles digital content, it is regarding this
incident with the utmost seriousness. In order to prevent the
reoccurrence of such an event, it will endeavor to further strengthen
its management structure while pursuing legal options regarding
criminal acts such as unauthorized access of its networks.”

