KLab ID への不正ログインに関するお知らせ

(* English text follows after Japanese)

KLab株式会社(以下「当社」)が提供するKLab ID(以下「当サービス」) へ、外部からの不正なログインがあったことを確認いたしました。お客様にはご迷惑とご心配をおかけしますことを深くお詫び申し上げます。




・KLab IDに登録されているお客様情報(メールアドレス、ひみつの質問と回答、生年月日、性別、言語)
・KLab IDと連携中のアプリ名
・KLab IDと連携したアプリ内で閲覧できる全ての情報


KLab IDをご利用のお客様におかれましては、不正ログインを防止するため、以下の点にご注意くださいますようお願い申し上げます。


<KLab IDのパスワード再設定ページ>


Notice Concerning Unauthorized Access to KLab IDs

We have detected unauthorized access to our KLab ID service by a third party. The following is a summary of what occurred and the steps we have taken to remedy the situation. We apologize for any inconvenience this may cause, and we would like to thank all of our players for their cooperation and kind understanding.

1. Background
On June 9, 2018 (UTC+9), we detected a large number of suspicious access attempts to log in to the KLab ID service.

The suspicious access attempts occurred during the following time periods (UTC+9).
- 5:11 pm on June 8, 2018 to 5:16 pm same day
- 10:56 pm on June 8, 2018 to 1:52 am on June 9

After looking into the issue, it became clear that this was most likely an unauthorized access attempt by a third party, and not the actual account owners themselves. It appears to be a "password list attack" that used email addresses and passwords that may have leaked from an external service unrelated to KLab, as well as often-used passwords in order to conduct a large amount of login attempts to the KLab ID service.

We have checked our systems, and we found no trace of any passwords or other information leaked directly from KLab.

2. Status of Unauthorized Logins
1) Number of user accounts that were confirmed to have been logged in to without authorization: 366 accounts
* Number current as of June 9, 2018 (UTC+9)

2) List of Information Possibly Viewed by a Third Party
- Information registered to the affected KLab ID (email address, secret question and answer, date of birth, gender, and language settings)
- Names of apps linked with the affected KLab ID
- Any information viewable inside the apps linked with the affected KLab ID

3. Solutions Implemented
In order to protect the affected users and their account information, we implemented a safety measure that prevents the affected players from temporarily using their account. We have also individually contacted the owners of the affected accounts.

4. KLab's Request to Our Customers
For our players using the KLab ID service, we ask that you kindly take the following precautions in order to prevent unauthorized logins.

1) Please set a password that you do not use on any other services provided by other companies.
2) Please try to set a password that is difficult to guess for others as possible.

Players can change their passwords at the following URL.

KLab ID Password Reset Page

We would like to offer our sincerest apologies for this unfortunate set of circumstances, and for any trouble that may have been caused by this issue.