Hacking Killed a Square Enix Online Shop [Update]

Last month, the Square Enix Official Goods Online Shop was compromised as the third-party server, which hosts its online retail store, was breached.

Today in Japan, the company announced that its merchandising division's official goods online store would be ending its internet shopping service.

The Official Goods Online Shop specialized in Square Enix's collectible figures and character goods.

At the time of the compromise in September, Square Enix stated that this server did not store credit card information. "We understand that some of Square Enix, Inc.'s U.S. customers may have non-financial (such as name, mailing address, phone number and email) account data on this server," added Square Enix.

During its investigation, Square Enix said it would be taking its online store offline—now that's for good.

The investigation revealed that it was able to confirm that following customer information seems to have been compromised:

• Customer names
• Home addresses
• Phone numbers
• Customers' gender
• Birthdays
• Email addresses

Customers who purchased character goods at the Square Enix online shop might worry that their credit card numbers, credit card expiration dates, and credit card security codes were at risk during this breach.

As mentioned above, Square Enix initially stated that credit card information was not stored on the breached server. However, according to the Tokyo-base game company, it's possible the information was accessed, but there were no traces of this information being stolen in the September attack.

Today's notice from Square Enix reads, "What's more, due to concern, this site is ending its online shopping service."

This doesn't mean that all of Square Enix's online shopping experiences are over. The Square Enix e-Store, which is different from Square Enix Official Goods Online Shop and focuses more on games and music, will thankfully sell the comany's collectible character goods.

Kotaku followed up with Square Enix's North American branch regarding the status of the company's Official Goods Online Shop and whether the Western versions of it will also cease operating. This post will be updated if Square Enix comments on the issue.

In the meantime, you can read the company's previous English language statement on the hack.

Update: Square Enix provided Kotaku with the following statement: "Last month, Square Enix notified our customers that a third-party vendor reported an incident of unauthorized access to one of its servers located in Japan. This server hosted the SQUARE ENIX ONLINE SHOP (Square Enix-branded merchandise). http://www.square-enix-shop.com

With respect to the U.S. store, our investigation has determined that non-financial data, including name, mailing address, phone number and email address, were compromised by this unauthorized access.

As we have previously reported, the server in question did not store credit card information for any U.S. customers. Moreover, the server and vendor were not connected to any other Square Enix online services.

While no U.S. credit card data was compromised, we recommend that you always monitor your credit cards and credit reports for any suspicious activity.

At this time we have decided to close down the current version of the U.S. SQUARE ENIX ONLINE SHOP. Online merchandise sales will resume, and we will outline the details at a later time.

We sincerely apologize for any inconvenience. We take data security extremely seriously and we regret any inconvenience this may have caused our customers and fans. We appreciate your patience and support."

「スクウェア・エニックス オフィシャルグッズオンラインショップ」における
不正アクセスの可能性について
[Square Enix Shop]