Gotta Hack 'Em All: Pokémon passwords reset after attack


March 20, 2024

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Gotta Hack 'Em All: Pokémon passwords reset after attack

Are you using the same passwords in multiple places online?

Well, stop.  Stop right now.  And make sure that you've told your friends and family to stop being reckless too.

Because if you use the same login credentials in different places online, you're behaving in a very risky way.  If a cybercriminal breaches a system and steals the passwords used on one online service, you can bet your bottom dollar they won't waste any time before exploring if those same userid/password combinations might unlock other threats online.

Some fans of Pokémon are finding that out right now, it seems, after the monster-collecting gaming phenomenon's official support site warned that it had been forced to lock some users out of their accounts after it detected attempts to compromise them by hackers.

As TechCrunch reports, The Pokémon Company posted an alert explaining that some users would have to reset their passwords to regain access.

Following an attempt to compromise our account system, Pokémon proactively locked the accounts of fans who might have been affected. If you are unable to log in to your Pokémon Trainer Club account, please reset your password following the instructions here.

According to Pokémon spokesperson Daniel Benkwitt, the company's account system was "not compromised."

"What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” Benkwitt said.

FleeceKing, a top Pokémon Go player with a Guinness World Record for reaching Level 50, understands the pain of losing access to their Pokémon account.

Last week, FleeceKing reported that his account had been hacked and described himself as an "emotional wreck."

A hacker called MasterWarlord01 published a video of them accessing FleeceKing's account and deleting the player's favourite Pokémon, Mareep.

FleeceKing, who called the experience "extremely stressful," was lucky to regain access to his account within 24 hours with help from Pokémon Go's support team at Niantic.

There's no doubt in my mind that FleeceKing and other Pokémon Go fanatics would do well to harden their online security. They should not only choose unique, strong, hard-to-crack passwords but also ensure that they are defending themselves against phishing and malware threats and enabling multi-factor authentication wherever available.

Unfortunately, the Pokémon Company does not appear to have built support for two-factor authentication into its site.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like