2021/07/28Information To Customers
Notice Concerning Unauthorized Access to KLab IDs
KLab Inc.(TSE Prime Market: 3656)
We confirmed that there was an unauthorized external login to the KLab ID service that we provide (hereinafter referred to as "service"). We deeply apologize for the inconvenience and concern caused to our customers.
This unauthorized login is highly likely to be related to the notice from July 26 regarding the suspicious large volume of access where the unauthorized login of email addresses registered in this service were combined with passwords obtained from outside the company (password list-type attack).
We have completed steps to change passwords to protect customer information for accounts that may have been affected by unauthorized logins.
1. Background
・July 22, 2021 (12:36 JST or after): unauthorized login to this service occurred
・July 27, 2021 (17:31 JST): KLab detected the occurrence of unauthorized logins
・July 28, 2021 (14:30 JST): changed passwords for a series of suspicious mass access to email addresses (5,762 email addresses)
2. Status of Unauthorized Logins
1) Number of users of this service that were confirmed to have unauthorized logins: 2,439
*as of July 28, 2021
2) Information That May Have Been Viewed
・Customer information registered in this service (e-mail address, secret questions and answers, date of birth, gender, language)
・Application name in collaboration with this service
・All information that can be viewed in the application linked to this service
The passwords for this service are stored in a non-recoverable form (one-way encryption, salted hash) and the company has not confirmed any passwords that may have been compromised.
3. Response
We have taken steps to change passwords to protect customer information for accounts that have been subject to a series of suspicious mass access. In conjunction with this we are contacting customers whose accounts were affected.
4. Request to Customers
Customers using this service are asked to take the following measures to prevent unauthorized logins.
1) Set a password that is different than what is used for other company services
2) Setup a two-step authentication
The password can be changed from the following URL.
https://www.id.klabgames.net/recover/password
After logging in to this service, you can change the two-step authentication setting from the "Change Registered Information" screen under Account Management.
We sincerely apologize for the inconvenience and concern caused to our customers.