Final report announcement of cases where illegal access was done to Vector's server, 463 cases of stolen card information



In March 2012, there was suspicion of theft of personal information due to unauthorized access to the vector server, a final report on the contents of the investigation by the vector and two external survey institutions was announced.

【Vector】 Investigation result on unauthorized access to our server (final report)


In this case, abnormality occurred in part of the vector on March 21, and it was found that it ran out four times from 19th to 21st as a result of examination. Unauthorized access was done by the server holding the customer's information of the vector, and the accumulated information includes up to 261,161 information including credit card data. In the worst case it was thought that this was the total runoff.

Notice concerning illegal access to our server «Vector IR · Company information


Notice on possibility of leakage of customer information due to unauthorized access «Vector IR · Company information


The vector informed the user of this outflow, set up an accident countermeasure committee in the company, and started investigating by cooperation of Lac and Verizon Japan Limited Company. As a result, it turned out that the attacker intruded into the system and tampered with the program of the settlement system. Via a tampering program463 credit card information was stolenAnd that. This card information belongs to people who used online games for PCs, and does not include information on people who use software sales or mobile games.

In addition, the online game portal for PC "GAMESPACE 24" was suspected of leakage of ID and password, although damage was not confirmed, the system was revised in JunePerform password change of all usersDid. As mentioned above, initially there were releases of up to 260 thousand damage, but by investigation, it was judged that there was no theft other than 463 cases.

In vector, "Enhance access restriction" "Reduce and encrypt personal information" "Start installation of specialized equipment and monitoring" "Rebuild system" "Strengthen ID, Password system" "Acquire PCIDSS" "Credit card settlement We responded to seven points of restarting credit card information and non-retaining credit card information ", and in the future further" further strengthen security by reconsidering the entire network configuration "," Improve internal security level by tightening access authority " And stricter installation, operation and disposal management of client PCs "and so on.

in Note, Posted by logc_nt