Skip to content

Pokémon developer faces major data leak

A screenshot from Pokémon Sword / Pokémon Shield
Image: Nintendo

Hackers released a collection of leaked data from Pokémon game developer Game Freak over the weekend, including personal information about employees. Game Freak — which develops the main lineup of Pokémon video games — confirmed the breach in a statement, saying (per a machine translation from Japanese) that it was the result of “unauthorized access to our servers by a third party” and dated back to August of 2024.

Game Freak said the leaked personal information — which it characterizes as names and company email addresses — included around 2,600 items. As Polygon notes, however, the breach appears to include much more than employee information. Redditors and others say they’ve unearthed source code from previous games as well as unused pokémon designs and other things that were scrapped during the development process of those games. They’ve allegedly found more limited detail about future projects, including some codenames for future games.

There are no apparent reports of direct leaks from the other companies involved in Pokémon as part of this breach, including Nintendo, Creatures Inc., and the jointly owned Pokémon Company.

Game Freak’s statement, which is dated to October 10th but, according to Polygon, appeared on the 13th, says the server has since been secured and that the company is taking steps to bolster its security measures. Here’s the full machine translation:

October 10, 2024

Game Freak Inc.

Notice and apology regarding the leak of personal information due to unauthorized access

Game Freak Inc. (Headquarters: Chiyoda-ku, Tokyo, CEO: Satoshi Tajiri, hereinafter referred to as “the Company”) has discovered that the personal information of our employees and others was leaked in connection with unauthorized access to our server by a third party in August 2024.

We sincerely apologize for the great inconvenience and concern caused to all concerned parties.

1. Leaked personal information

Personal data regarding our employees, etc.*

Items: Name, company email address

Number of cases: 2,606

*Our employees, contracted business workers (including G-appointed employees and former employees)

2. Response to those whose personal information has been confirmed to have been leaked

We are contacting the relevant employees, etc. individually.

For those who cannot be contacted individually due to resignation, etc., we will notify them through this announcement and set up a hotline to handle inquiries regarding this matter.

3. Measures to prevent recurrence

We have already rebuilt and re-inspected our servers, but we will work to prevent recurrence by further strengthening our security measures.

4. Inquiries regarding this matter

Inquiries from those affected by this matter can be made through the hotline below.