Game Freak, the developer behind the globally renowned Pokémon franchise, has reportedly fallen victim to a significant hack, resulting in the leak of sensitive data, including codenames for upcoming 10th-generation Pokémon games.
The Japanese gaming giant confirmed that the breach occurred in August, exposing source code and game ideas for unannounced projects.
Most people know Game Freak as the main developer and co-owner of the renowned Pokémon video game franchise. The franchise launched in 1996 with the release of Pokémon Red and Blue for the Nintendo Game Boy.
The company has since released a number of games for the 3DS, Switch, and other Nintendo platforms, as well as mobile games including Pokémon Quest for iOS and Android.
Source code and development builds for future Pokémon games developed by Game Freak were leaked over the weekend on websites and channels on Reddit, X, and Discord.
The Tokyo-based firm, run by CEO Satoshi Tajiri, apologised for the breach and is reaching out to impacted people, offering a point of contact for enquiries.
Although Game Freak has not formally recognised the game data breach, company confirmed that personal data of 2600 contractors, staff members, former employees, and business associates was compromised.
According to a report from Game Freak:
Game Freak Inc. announces that in August 2024, unauthorized access to our servers by a third party occurred, resulting in a leak of our employees’ personal information. We deeply apologize for any inconvenience and concern this may have caused to all concerned parties.
The disclosed data contains full names and firm email addresses, leading to the risk of phishing and targeted brute-force attacks. While Game Freak posted a warning on its website to ensure wider awareness, affected people will also be contacted individually.
Although the focus of Game Freak’s announcement was personal information, the stolen files also contained data for future releases such as Pokémon Legends: Z-A, and the much-awaited 10th generation games, codenamed “Gaia,” as well as Pokémon designs from Black and White.
According to a r/PokeLeaks, the leak includes a mixture of authentic and fraudulent information, making it challenging to confirm every file. Key files contain source code for Pokémon Bank, development builds of Pokémon Black 2/White 2, and even abandoned projects like a Quinty remake, Game Freak’s debut game.
The most recent official project from Game Freak, Pokémon Legends: Z-A, was revealed in February. The game is scheduled for release on the Nintendo Switch in 2025, with the first trailer confirming that it will take place in Lumiose City. Rumors suggest it will be a standard Switch title.
Game Freak has concluded its investigation, reassuring users that no Pokémon player data has been compromised. The company has implemented security measures to prevent similar breaches in the future, but the full extent of the current breach is still being evaluated as the analysis of sensitive data continues.
This isn’t the first major breach involving the Pokémon franchise. Nintendo, which has hosted Pokémon games for almost 30 years, was previously involved in the infamous ‘gigaleak’, in which various projects and source code were released.
A Canadian video game company called Red Barrels alerted gamers earlier this month to possible delays brought on by an attack. The Nitrogen ransomware group claimed responsibility, claiming that they had stolen 1.8 TB of confidential data from the studio, delaying the production of upgrades for the Outlast series and future games.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
While technology can assist in identifying phishing emails, it cannot catch 100% of them. Therefore, educating users is crucial to minimizing the impact of any successful attacks. Consulting with Phishing Tackle can provide insights and tools to help you strengthen your defences against phishing threats.
