KDDI "au one shopping mall" All services stopped, possibility of personal information leakage



According to a release from KDDI, 171 "au one shopping mall" user accounts were logged into without authorization, and fraudulent purchase procedures were confirmed on four of them. The site is operated by DeNA Inc. (DeNA), the company behind Mobage.

(PDF file) About unauthorized login to user account of "au one shopping mall"
http://www.kddi.com/corporate/news_release/pdf/20111216.pdf


According to KDDI, all services for PCs and smartphones (except for mobile phones) were stopped at 19:50 on December 15, 2011 to prevent the damage from spreading (service restarted at 13:20 on December 17). At the time of writing, accessing the page shows the following screen.

Emergency system maintenance is under way now | au one Shopping Mall
http://m.aumall.jp/


The details of the unauthorized logins were announced as follows.

1. Contents
From around 21:30 on December 11, 2011 to around 2:30 on December 14, we received a report from three customers that there is service unavailable, and both companies conducted investigations. As a result, we confirmed that from December 11 to December 13, 2011, 171 unauthorized logins by a third party occurred on the PC version of "au one shopping mall", and that fraudulent purchase procedures were carried out on 4 of those customer accounts. All of the fraudulent purchase procedures have been cancelled, and no financial damage has occurred.
In addition, for some of the accounts that were logged into without authorization, registration information (customer's name, address, contact phone number, e-mail address, destination information, etc.) may have been viewed. However, the credit card number is masked and encrypted.
Although the details of the cause are still being investigated, we understand that it was not caused by external leakage of customers' passwords through unauthorized access to the inside of the system.

2. Response to customers
To prevent the damage from spreading after this event was discovered, all services for PCs and smartphones, except for mobile phones, have been suspended since 19:50 on December 15, 2011.
Also, we will promptly notify our customers about the situation and apologize.

3. Future response
Currently, we are taking measures to strengthen security functions against this incident, and we plan to restart the service as soon as the implementation of security functions is completed.

4. Inquiry window
"au one shopping mall" inquiry window
DeNA Inc., au one shopping mall representative
[email protected]
KDDI Corporation
From au mobile phone: 157
From general telephone: 0077-7-111
(Reception hours: Saturdays, Sundays, and holidays from 9 am to 8 pm)
End

This "au one shopping mall" is operated by DeNA Inc. (DeNA), the company behind Mobage, as the following page also states.

E-commerce - [DeNA] DeNA Inc.
http://dena.jp/dena/ec/


2011/12/17 14:53 Addendum
KDDI has issued a release stating, "We have restarted service from 13:20 on December 17, as we have completed the security enhancements so that customers can use the service with peace of mind."

in Web Service, Posted by darkhorse