Japanese news outlet NHK reported today that as many as 1.8 million accounts associated with Square Enix Members may have been compromised in some form during the unauthorized intrusion that Square discovered and made public two days ago. The service reportedly has a grand total of 2.1 million users around the world, so that would mean that the vast majority of them were affected. Credit card data is thankfully not stored in the service; however, semi-sensitive data such as names, email addresses and phone numbers might have leaked out.
For its part, Square Enix released another statement yesterday saying that “user login credentials were not accessed.” Continuing, the publisher stated that it has “not found evidence that the individual was able to access any personal information at all.” Their statement seems to imply that they believes a single person is responsible. We reached out to Square for clarification on that point, but they chose not to respond.
The service will remain offline for the foreseeable future as Square continues to investigate the problem, and they will be sending an email out to the entirety of the membership base informing them of the situation. No action need currently be taken by said individuals. They have also informed the Japanese Internal Ministry of Affairs and Communications.
[Sources: NHK, Andriasang, and Square Enix]
