Pierluigi Paganini
October 15, 2024
Game Freak Inc. is a popular Japanese video game developer, founded on April 26, 1989, by Satoshi Tajiri, Ken Sugimori, and Junichi Masuda. It is primarily known as the main developer of the Pokémon video game series.
Game Freak confirmed it suffered a cyberattack in August following the leak of source code and game designs for unpublished games.
Screenshots of source code and development builds for upcoming Game Freak’s Pokémon games were published on multiple social media platforms, including Discord, Reddit, and X over the weekend.
Nintendo Everything also reported the leak of Pokémon game source code, unseen Pokémon art, design documents, and other development materials surfacing online.
Game Freak has been hacked. This is a new leak like the gigaleak from Nintendo from a few years ago. It has multiple Gigabytes of info.
— Centro LEAKS (@CentroLeaks) October 12, 2024
It includes source code and beta builds of HGSS and BW2. pic.twitter.com/WIZjyuwYuY
The Tokyo-based developer confirmed that threat actors had access to the company’s systems and allegedly stole a huge trove of data.
“(Game Freak Co., Ltd.) (Headquarters: Chiyoda-ku, Tokyo; Representative Director: Satoshi Tajiri, hereinafter referred to as “our company”) would like to inform you that due to unauthorized access to our company’s server by a third party in August 2024, personal information of our employees and others was leaked. We sincerely apologize for any inconvenience and concern this may cause to those involved.” reads the statement.
The leaked data included personal data (names and company email addresses) of 2,606 individuals, covering employees, contractors, and retirees.
“We are contacting the affected employees and others individually. For those who have retired or cannot be contacted individually, we will inform them through this announcement and establish an inquiry window to address their concerns.” continues the statement. “Although we have already rebuilt and re-inspected our servers, we will strive to prevent recurrence by further strengthening our security measures.”
The company is not aware of any impact on Pokémon player data following the cyber attack. At this time, no threat actors have claimed responsibility for the cyberattack.
In 2020, Nintendo, another co-owner of Pokémon, suffered a data breach, with attackers leaking source code, internal documents, and development tools.
The Japanese video game giant Nintendo admitted that threat actors breached 300,000 accounts. The hackers gained access to personal information, including birthdays and email addresses, but financial data were not impacted.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Game Freak)
