Elden Ring Publisher Faces A Major Data Breach
The Japanese company, most notable for publishing Elden Ring, announces they are dealing with a significant data breach. The massive leak of customer information has the ransomware group, BlackCat to blame.
Let’s get into it.
Announcement of Data Breach
On July 11th, an organization by the name of VX-Underground, who tracks malware source code on the internet, announced the leak. They were able to track information pertaining to the ransoming of Bandai Namco on the ALPHV website. ALPHV, previously known as BlackCat, is a ransomware group that exploits enterprise network vulnerabilities.
Following this announcement, the video game publisher did not immediately respond. However, it is not uncommon for these companies themselves find out about the leak at the same time as everyone else.
VX-Underground previously reported on the infamous Lapsu$ group’s hacks before the companies themselves knew about them.
Only after a few days did Bandai Namco acknowledge the attack. The message to public being that they are aware of the situation and are looking into the root of the issue.
Previous Malicious Activity
You might remember in early July, that Namco was experiencing illegal access attempts into their internal systems by several third parties in the Asian region.
When news broke, Namco announced they were able to verify the unauthorized access. At that point, taking steps to block access and prevent any further damage.
It’s possible that this is the first attempt to leak customer information. Specifically data tracing back to the Toy and Hobby servers.
The investigation is still ongoing to determine the status of this leak. Namco promises to disclose the results of this investigation and work with external experts to strengthen security and prevent future vulnerabilities.
How Dangerous is BlackCat?
According to several computer security specialists and the FBI, many members of BlackCat have a link to the Colonial Pipeline hack of last year. Since then, the group has been ramping up their ransomware attempts.
One tactic BlackCat uses threatens to publish victims confidential employee information if they don’t pay a large ransom.
The group is known to target school districts and other public entities and ask for millions of dollars in ransom.
Huge Target on Gaming Companies
This attack is the most recent in a string of attacks targeting large gaming companies.
A number of Capcom’s unreleased titles, including Dragon’s Dogma 2, were leaked in late 2020.
A massive breach on chipmaker Nvidia, forced the release of several big video game projects, including Kingdom Hearts 4.
Employee information and the source code for one The Witcher 3 and Cyber Punk 2077 creator, CD Projekt Red’s games, were taken in early 2021.
Even Electronic Arts (EA), the creator of FIFA, was targeted by an attempt to make Vice blackmail them on the hackers behalf.
Is Work From Home to Blame?
It is uncertain whether this uptick in security breaches has anything to do with businesses continuing to have employees work from home or if hackers are just getting better with technology.
Capcom attributes most of its vulnerabilities to the remote work environment.
At the same time, the blockchain network Axie, who deals in crypto gaming, suffered a costly cyberattack earlier this year. All resulting from a staff member who fell for a well put together phishing scam.
Luckily for Dark Soul lovers, Namco took Dark Souls I, II, and III offline after becoming aware of an exploit.
When in Doubt, Ask for Help
Seeing how the Elden Ring publisher faces a major data breach might raise your eye to your own protection. As more information on the extent of this attack surfaces, it’s best to prepare for these situations.
Business owners want to be able to update their clients on cybersecurity issues without accidentally opening up more vulnerabilities. As an IT service provider, we can help you formulate the best plan of action when it comes to your cybersecurity position.
Check out our recent YouTube video on why you should Keep Hackers from Accessing Your Online Accounts Protect your business from having its assets sold on the Dark Web.
For more information on cybersecurity, feel free to book a time to chat with us via the Calendly link below. I’d be happy to discuss ways to optimize your company’s IT.
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Service for Small to Medium Businesses in Greater Los Angeles. We’d love to see if we can help you too!