Popular Pokémon Site Nearly Destroyed By Hackers Who Wanted Rare Cards

Popular Pokémon Site Nearly Destroyed By Hackers Who Wanted Rare Cards
Illustration: The Pokemon Company

In what is becoming a miserably familiar refrain, professional hackers have targeted a popular website in an attempt to ransom the owners. This time it’s PokeBeach, an 18-year-old site dedicated to the Pokémon trading card game, who as a result of the hackers’ botched attempts have lost huge chunks of the site’s history.

“PokeBeach was hacked on Monday,” begins an explanatory post by the site’s creator, Jon Sahagian, known pseudonymously as Water Pokémon Master. “All files were deleted. We have been assessing the situation for the last 72 hours. I have barely slept.”

The enormously popular Pokémon TCG site (boasting nearly 4m visitors in May this year) was started by Sahagian when he was 14. On Monday, hackers deleted nearly two decades of files from the site’s servers, and even ran scripts to remove back-ups. Their intention was to keep a copy for themselves, and then use it to blackmail Sahagian into paying to have it restored.

Due to the efforts of the site’s hosts, the hackers were prevented from finishing downloading the site, but not before the attackers had already deleted back up versions. As their attack was interrupted, Sahagian reports they “issued a command to wipe it clean.”

While the text of the site’s archive of news stories, and forum posts, haven’t been affected, “the last few years” of media has been deleted. As anyone who runs a website will tell you, losing images is ghastly, and makes everything look broken.

A Wayback snapshot of the site from before the hack (Image: PokeBeach) A Wayback snapshot of the site from before the hack (Image: PokeBeach)

Fortunately the hackers’ worst efforts failed. An attempt to redirect supporters of the site to pay money into the group’s own PayPal account failed, and PayPal has confirmed that no transactions took place. Plus their rather pathetic attempt to suggest that Sahagian send them some rare Pokémon cards in return for “some of my files” was sensibly ignored.

Sahagian states that there was no access to any of their databases, and that “no news stories, forum posts, or user accounts have been affected.” Presumably this means the attackers weren’t able to access root, and instead took advantage of exploits in the site’s CMS install.

We reached out to Jon Sahagian via Twitter DMs to see if there is any news about the recovery efforts. “We’ve been able to recover tens of thousands of files,” he told us, “but recovery software isn’t able to reconstruct their filenames or their folder structure. Putting all of those files back simply isn’t possible.”

This is devastating for anyone who has put so much effort into a life-long project. “I started PokeBeach when I was 14 and never stopped,” Sahagian adds. “I’ve written daily news stories about the Pokémon TCG for 18 years, from high school through grad school, through my career as a filmmaker. I don’t know many people who stick to a project through that many phases of their life. So it’s immensely frustrating that those who don’t care about someone’s passion would destroy it so quickly and without much thought.”

People who want to support PokeBeach should be able to access their PayPal-funded Article Program by this link when it’s fixed later today.

Log in to comment on this story!