Attempted hack of Pokemon accounts prompt password resets

Over the past few year the Pokemon Company established a DevSecOps culture around Pokemon Go. Today’s columnist, Robert Brennan of Fairwinds, offers advice on how companies can effectively balance the trade-off between development speed and security.

TechCrunch reports that the Pokemon Company has implemented password resets for some of its users' accounts following a series of hacking attempts.

Only 0.1% of targeted Pokemon accounts have been breached, according to Pokemon Company spokesperson Daniel Benkwitt, who emphasized the absence of further compromise. "The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message," said Benkwitt, who added that no action is needed among individuals who were not forced to replace their passwords. No further details regarding the incident were provided but TechCrunch suspects the likelihood of a credential stuffing attack similar to the one that impacted 23andMe last year. Such an intrusion, which facilitated access to nearly 14,000 23andMe accounts then leveraged to infiltrate millions of other users' genetic data, has resulted in widespread deployment of mandatory two-factor authentication among companies in the genetic testing space.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.