Developed by Japan’s largest gas utility, ‘Furo Koi’ was created to offer bathing advice to users
Around 10,000 email addresses belonging to players of an online, anime-style game were exposed during a data breach, according to Tokyo Gas, the game’s developer and Japanese utility giant.
In a security alert (PDF) published on January 30, Tokyo Gas said it had temporarily disabled the dating simulation game’s website and mobile app after discovering that a third party had gained unauthorized access to the emails and associated accounts’ nicknames.
Translated as ‘Furo Koi: My Only Bath Butler’, the application is described by Tokyo Gas as a ‘romance’ game – a Japanese roleplaying genre where players build relationships with other characters, predominantly through dialog.
The Japanese-language security alert seems to indicate that the game assesses the comparative effectiveness of various bathing products, while a video posted to the game’s Twitter account shows various anime avatars.
More than 10,000 users were impacted by the Furo Koi data breach, Tokyo Gas admitted
Tokyo Gas – founded in 1885 and Japan’s largest natural gas provider – said a total of 10,365 emails were exposed when the incident occurred on January 29.
A spokesperson for the company told The Daily Swig that the breach came to light the following day, on January 30.
They said it was unclear whether the stolen data had been misused.
The security alert appears to reference the addition of a new feature to the game on January 28, but it’s unclear what, if any, connection this has to the data breach.
Tokyo Gas indicated that law enforcement had been notified and that it would implement security measures based on the findings of a security audit.
The Tokyo Gas spokesperson said: “We recognize that the protection of customer information is extremely important. We sincerely apologize for any inconvenience caused to our customers.
“We will make every effort to ensure the same mistakes won’t [happen] again.”
Affected individuals are apparently being notified of the breach and urged to avoid opening suspicious emails sent to the exposed email addresses. “If a customer suffers damage, we would like the customer to contact us,” added the spokesperson.
At the time of writing, the game’s website is still disabled.