Elden Ring Publisher Confirms Security Breach, Says Customer Data May Be Impacted

Bandai Namco — the publisher behind big names like "Elden Ring," "Dark Souls," and the "Tekken" franchise — has confirmed that it suffered a data breach earlier this week and that it's still investigating the scope of the damage. The notorious ransomware group ALPHV, which also goes by the name BlackCat, claimed to have broken into Bandai's systems. The revelation was shared by malware source code repository vx-underground.

The ransomware attack was allegedly executed on July 3, 2022, but it seems to have taken Bandai Namco more than a week to assess and confirm that its internal servers were targeted. The publisher has since taken remedial steps to deal with the issue, including blocking access to the affected servers. In addition to tracing the source of the attack, it is currently assessing whether any sensitive information was leaked.

In a statement shared with Eurogamer, Bandai Namco revealed that "there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs." While the publisher is playing it safe with its admission, past attacks on fellow gaming companies have led to the theft of source code, details of in-development projects, and controversial internal communication logs, among other sensitive information. 

Why is the ALPHV (BlackCat) group infamous?

The attacker behind the Bandai Namco security breach is a well-known name. According to the FBI, the BlackCat/ALPHV group has been documented as the perpetrator of attacks on 60 entities across the globe so far. It is also the first known ransomware group to use the Rust programming language for launching cyberattacks. Renowned malware researcher Michael Gillespie described the group's eponymous attack vector as "very sophisticated ransomware."

Known to collect their ransom bounty in the form of Bitcoin and Monero crypto coins, the group is also linked to the famous Colonial Pipeline hack. In May 2022, the group launched an attack on the Austrian federal state of Carinthia, disrupting multiple critical government services linked to traffic management, passport generation, and more (via Euractiv). The group demanded $5 million in ransom to unlock the affected computer network.

In June, the ALPHV/BlackCat ransomware group adopted a new strategy that involved publicly sharing the stolen data in order to force the victim into paying the ransom, according to KrebsOnSecurity. While a majority of ransomware groups publish the leaked data on the dark net, which can only be accessed via Tor services, ALPHV/BlackCat put their haul on the World Wide Web, which means it was available for anyone to see, increasing the pressure on victims.