Krafton Inc. Responds to Data Breach Allegations in India
By Chang Dong-woo
SEOUL, April 15 (Yonhap) — Krafton Inc., the South Korean video game publisher, has strongly refuted allegations made in India regarding data breaches and unauthorized sales of user data. The company conducted an internal investigation that it claims found no evidence supporting these allegations.
The controversy arises amid legal proceedings in Maharashtra, where a player of Krafton’s mobile game, Battlegrounds Mobile India (BGMI), filed a police complaint against Krafton India Pvt. Ltd. along with several executives last September. Reports from the Times of India indicate that the complainant accuses the local subsidiary of breaching user agreements by allegedly selling personal data of players on the messaging platform Telegram at a rate of approximately 2,000 rupees (about $23) per user. A hearing on the matter was scheduled to take place later today in the High Court of Bombay.
In a statement to Yonhap News Agency, Krafton’s headquarters in South Korea emphasized that its thorough review concluded the claims of data mishandling were unfounded. "We have investigated the case extensively and verified that the allegations regarding data leakage and monetization lack veracity," a company representative stated.
This is not the first time these allegations have emerged. Krafton has clarified that the concerns were initially raised in 2023 and were addressed satisfactorily at that time. "The same individual who raised the initial complaint in 2023 has presented similar claims again in 2024," the company noted. In response to the legal challenges, Krafton India Pvt. Ltd. has submitted two writ petitions to the Bombay High Court, seeking to contest the legal actions against it.
A writ petition serves as a formal request to challenge the legitimacy of legal or law enforcement actions in India, signaling Krafton’s intent to defend its position rigorously. The allegations and ensuing legal disputes spotlight critical issues surrounding data privacy and user rights within the gaming industry, especially as Krafton has significantly enhanced its market presence in India, investing over $170 million to date.
As of November 2024, Krafton’s investments include acquiring a controlling interest in Nautilus Mobile, the developer behind the popular "Real Cricket" franchise, for $14 million. Moreover, in a bid to support local talent, Krafton launched the India Gaming Incubator initiative in 2023, which provides mentorship and financial backing, including grants of up to $150,000 for emerging game developers.
From a cybersecurity perspective, the ongoing situation illustrates the complexities of data privacy within the gaming sector, and potential attack vectors could be informed by the MITRE ATT&CK framework. Techniques related to initial access, where attackers may exploit vulnerabilities to obtain user data, or data exfiltration tactics, which could encompass unauthorized transfer of sensitive information, are relevant considerations in evaluating such allegations.
As the situation develops, it remains crucial for businesses to uphold robust cybersecurity measures to mitigate risks associated with data breaches and to ensure compliance with user agreements and data protection regulations.
(END)
