Stalker Online Breach: 1.3 Million User Records Stolen


Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums.

Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews.

The firm explained that the passwords were stored only in MD5, which is one of the less secure encryption algorithms around.

Two databases were found on underground sites as part of a dark web monitoring project undertaken by the research outfit, one containing around 1.2 million records and another of 136,000 records.

It appears as if a hacker compromised a Stalker Online web server before stealing the user data and posting a link on its official website as proof.

After confirming the data for sale was genuine, the researchers tried and failed to get in touch with Australian developer BigWorld Technology and its parent company, Cyprus-based Wargaming.net.

Both databases were hosted on legitimate e-commerce site Shoppy.gg, which removed the content when advised by the white hats within a day.

“However, the fact that the storefront was operational for almost a month may suggest that copies of the database containing 1.2 million user records may have been sold on the black market to multiple buyers,” they explained.

“In addition, the removal of the databases from the e-commerce platform does not preclude the hacker from putting them up for sale someplace else. This means that all Stalker Online players should consider their records to still be compromised.”

Although the stolen information didn’t contain any financial data, there’s plenty that cyber-criminals could do with the haul, including credential stuffing, follow-on phishing attacks, email and phone spam, cracking open the email passwords and even holding the gaming accounts themselves ransom.

“Since Stalker Online is a free-to-play game that incorporates micro-transactions, malicious actors could also make a lot of money from selling hacked player accounts on the grey market,” the researchers said.



Source link

Recent articles

Tubites · Packaging

Creating a playful, fresh, and colorful packaging for the new guilt-free snacks brand "Tubites". Each of the product lines is aimed at...

BlendNet free addon to simplify the cloud rendering

Rabit writes: The new BlendNet v0.2 was released and could be quite useful for everyone who wants to save money on the render farm...

What’s New on Netflix UK: July 8th, 2020

Stateless is now available to stream on Netflix UKA quiet Wednesday on Netflix UK with three 3 additions to the library. Of the...

Save time at the command line with HTTPie instead of curl

Ah, curl. While widely-loved and wildly powerful, its ergonomics leave something to be desired. Although it should not replace curl in your automation,...

Leave a reply

Please enter your comment!
Please enter your name here