2 min read

Data Breach: Hacker Sells Over 1.3 Million User Records of Popular Stalker Online MMO Game on Dark Web Marketplace

Alina BÎZGĂ

June 24, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Data Breach: Hacker Sells Over 1.3 Million User Records of Popular Stalker Online MMO Game on Dark Web Marketplace

This week, Cyber News researchers announced that cyber thieves are offering for sale more than 1.3 million user records from the free-to-play Stalker Online MMO game on dark web marketplaces.

The data leak was discovered by the team overseeing the dark web-monitoring project implemented by the independent cybersecurity research publication, and contains personal identifiable information such as email addresses, usernames, passwords (MD5 hashed and salted), phone numbers and IP addresses.

Apparently, two separate data dumps were on sale. The first contains over 1.2 million user records, while the second includes over 136,000 user records from Stalker Online forums.

To verify the validity of the data, researchers purchased the database from the attacker, and after a though analysis, determined that the data samples and email addresses were indeed genuine.

According to an announcement by the researchers, the trove of data was found on May 5, after the attacker opened a Stalker Online database thread on a dark web forum.

Use a digital identity protection solution that will let you know about leaks of your private information on Open Web or Dark Web and all major Social Media Networks. Thus, you can act immediately and prevent potential damages. Find out how it works here.

As proof of his successful server compromise, the hacker also posted a link that directs users to a page on the official Stalker Online website containing the intruder”s message.

“The security of this web server has been compromised and all of your files and userdata are now in our possession,” the message reads. “Contact us on [redacted] for assistance in securing your web server. If not reach within 24 hours – data gathered will be posted for all to download.”

Researchers contacted the game developers and parent company on May 8, but no reply or comment was received. However, the team managed to get in touch with the e-commerce platform Shoppy.gg, where the attacker was storing the exfiltrated data. On May 29, the database was removed from the platform.

“Both databases were hosted on Shoppy.gg and were available for anyone to download for several hundred euros worth of Bitcoin,” the report said. “It”s currently unknown if anyone else bought and downloaded the databases, but we assume that anyone who had money to spare and knew where to look could have accessed the databases during the exposure period.”

The game has an extensive reach in Russia and Eastern Europe, and gamers are advised to immediately change the password to their online account. Converting MD5 salted passwords to plain text is possible, and combined with the email address, users are exposed to account takeover attacks.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Half of consumers don’t follow up on data breach notification practices, do you? Half of consumers don’t follow up on data breach notification practices, do you?
Alina BÎZGĂ

November 23, 2021

2 min read
Unsecure Server Exposed 200 Million Records of Adult Webcam Models and Users Online Unsecure Server Exposed 200 Million Records of Adult Webcam Models and Users Online
Alina BÎZGĂ

November 19, 2021

2 min read
Don't Let Cybercriminals Steal Your Digital Thunder Don't Let Cybercriminals Steal Your Digital Thunder
Alina BÎZGĂ

October 29, 2021

2 min read