Pokemon dev Game Freak confirms breach after stolen data leaks online

Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online.

Game Freak is best known for being the co-owner and the primary developing studio of the Pokémon series video game, which started in 1996 with the Pokémon Red and Blue for Nintendo Game Boy.

The gaming studio has since released multiple titles in the Pokémon series for various Nintendo platforms like the 3DS, Switch, and iOS and Android (Pokémon Quest).

Over the weekend, various leak sites and channels on Discord, Reddit, and X began posting screenshots of source code and development builds of upcoming Pokémon games developed by Game Freak.

While Game Freak has not acknowledged the leak of this game data, it did confirm that the personal information of its workforce, contractors, and former employees, including retirees and former business associates was stolen.

“Game Freak Inc. announces that in August 2024, unauthorized access to our servers by a third party occurred, resulting in a leak of our employees’ personal information,” reads the machine-translated notice.

“We deeply apologize for any inconvenience and concern this may have caused to all concerned parties.”

The leaked information includes full names and company email addresses, which lessens the risk for those involved, limiting it to phishing and targeted brute-forcing attacks.

Those determined to have been impacted by the incident will be contacted individually, but Game Freak published the notice on its site as not everyone can be reached.

It is presumed that Pokémon player data has not been impacted, as Game Freak states its detailed investigation of the breached servers has been concluded, and security measures to prevent similar incidents from occurring in the future were implemented.

Earlier this month, Canadian video game developer Red Barrels warned its community of players that a cyberattack would likely cause development delays on patches and additional content for existing Outlast games and upcoming titles.

The attack was later claimed by the Nitrogen ransomware group, who claimed to have stolen 1.8 TB of confidential data from Red Barrels.

As of writing this, no threat actors have claimed responsibility for the attack on Game Freak.