Over 500k videogame users credentials for sale on dark web

Although this topic is rarely considered important, videogame related security can create unprecedented problems for companies, employees, and users. This is the premise from which security firm Kela, based in Tel Aviv, departed to conduct an investigation in which they concluded that over 500,000 employee credentials, in addition to one million user accounts are available on the dark web.

Experts have shown that selling these accounts in illegal forums has become one of the most important cybercriminal trends in recent months.

Research includes nearly one million committed accounts related to employee and customer resources; more than half of these were listed over the past year. Affected accounts are linked to VPN resources, Jira deployments, SSO, and developer-employed environments for the top 25 video game companies.

This malicious practice could expose users to risky scenarios such as data theft, phishing, ransomware, espionage, among others. In his report, Kela mentions that at least four ransomware attacks related to this campaign have been detected in the most recent months: “The credentials and other resources exposed are still on sale, so video game companies should consider this scenario of active risk.”

Experts also detected an infected computer with credential records for many of the accounts that threat actors could access. This behavior suggests that the infected computer is employed by an employee of the affected company; the malware that infected this computer is available for sale for less than $10 USD.

Research suggests that more than half a million employee credentials were compromised due to security incidents on third-party platforms and could even be accessed for free.

Researchers contacted the companies analyzed to urge them to review their current security mechanisms and, where appropriate, update these practices to prevent further leaks in the future. Limiting access to high-privileged accounts and establishing multi-factor authentication mechanisms are a good starting point for improving these security practices.