Over 500,000 credentials for tens of gaming firm available in the Dark Web

Pierluigi Paganini January 05, 2021

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked online.

The gaming industry is a privileged target for threat actors, threat actors leaked online over 500,000 stolen credentials belonging to the top 25 gaming firms.

The alarm was raised by the threat intelligence firm Kela which reported the availability for sale of the credentials in multiple hacking forums and criminal marketplace.

“KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.” reads the post published by Kela.

“KELA detected more than 500,000 leaked credentials pertaining to employees of the leading companies in the gaming sector.”

The profits for the gaming industry increased due to the ongoing COVID-19 pandemic because more people remained at home during the lockdown and had more time to spend with video games.

The researchers found 1 million compromised credentials associated clients of organizations in the gaming industry.

For the past two months, we’ve observed several different actors looking for access to networks of gaming companies.

The leak is related to an intense activity observed by experts in the last months when the demand for initial network access to gaming companies has surged in Russian-speaking hacking communities. Threat actors were interested in access to developers’ networks of major firms, including Microsoft Xbox, Nintendo, Qualcomm, and Apple.

gaming industry
Access to an online game of a Germany-based developer – Source KELA

The post published by Kela includes adv for stolen credentials and accesses for the organizations in the gaming industry along with posts of threat actors searching for them.

“It’s important to note that we detected compromised accounts to internal resources of nearly every company in question. These resources are meant to be used by employees, for example – Admin panels, VPNs, Jira instances, FTPs, SSOs, dev-related environments, and the list goes on and on.” continues the report.

Threat actors obtained precious information by using info-stealer like AZORult and launched spear-phishing attacks against gaming forms.

Game-company credentials for VPN services, website management portals, admin panels, dev-related environments and Jira instance access are flooding the underground marketplace.

Access to the core areas of a company’s network could be obtained paying just a couple of dollars.

For the past three months, the experts also observed four ransomware incidents suffered by gaming firms.

Most of the attacks exploit the human factor to compromise the target organizations, the experts found that the credentials available for sale also include high-profile email addresses (i.e. executives and senior employees)..

Kela recommends the adoption of stringent password guidelines, including enforcing password changes and adopting multi-factor authentication.

“Some attackers try to search for the specific data and information that is relevant to the scope or industry of the victim and reproduce the successful attacks. As the gaming industry continues to grow in revenue, we will likely continue to detect more threats and attacks targeting the online gaming industry,” concludes the report.

In September I published a detailed analysis of cybercriminal activities targeting the gaming sector, It is written in Italian and require a free registration:


If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, gaming industry)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment