Deep Web

Over 500,000 credentials for tens of gaming firm available in the Dark Web

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked online.

The gaming industry is a privileged target for threat actors, threat actors leaked online over 500,000 stolen credentials belonging to the top 25 gaming firms.

The alarm was raised by the threat intelligence firm Kela which reported the availability for sale of the credentials in multiple hacking forums and criminal marketplace.

“KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.” reads the post published by Kela.

“KELA detected more than 500,000 leaked credentials pertaining to employees of the leading companies in the gaming sector.”

The profits for the gaming industry increased due to the ongoing COVID-19 pandemic because more people remained at home during the lockdown and had more time to spend with video games.

The researchers found 1 million compromised credentials associated clients of organizations in the gaming industry.

For the past two months, we’ve observed several different actors looking for access to networks of gaming companies.

The leak is related to an intense activity observed by experts in the last months when the demand for initial network access to gaming companies has surged in Russian-speaking hacking communities. Threat actors were interested in access to developers’ networks of major firms, including Microsoft Xbox, Nintendo, Qualcomm, and Apple.

Access to an online game of a Germany-based developer – Source KELA

The post published by Kela includes adv for stolen credentials and accesses for the organizations in the gaming industry along with posts of threat actors searching for them.

“It’s important to note that we detected compromised accounts to internal resources of nearly every company in question. These resources are meant to be used by employees, for example – Admin panels, VPNs, Jira instances, FTPs, SSOs, dev-related environments, and the list goes on and on.” continues the report.

Threat actors obtained precious information by using info-stealer like AZORult and launched spear-phishing attacks against gaming forms.

Game-company credentials for VPN services, website management portals, admin panels, dev-related environments and Jira instance access are flooding the underground marketplace.

Access to the core areas of a company’s network could be obtained paying just a couple of dollars.

For the past three months, the experts also observed four ransomware incidents suffered by gaming firms.

Most of the attacks exploit the human factor to compromise the target organizations, the experts found that the credentials available for sale also include high-profile email addresses (i.e. executives and senior employees)..

Kela recommends the adoption of stringent password guidelines, including enforcing password changes and adopting multi-factor authentication.

“Some attackers try to search for the specific data and information that is relevant to the scope or industry of the victim and reproduce the successful attacks. As the gaming industry continues to grow in revenue, we will likely continue to detect more threats and attacks targeting the online gaming industry,” concludes the report.

In September I published a detailed analysis of cybercriminal activities targeting the gaming sector, It is written in Italian and require a free registration:

https://ilmanifesto.it/perche-i-giochi-online-piacciono-tanto-al-crimine-informatico/

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, gaming industry)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

2 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

6 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

20 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.