Popular online shooter leaks 1.2 million user records: What to do
Hackers selling Stalker Online personal information to the highest bidder
Cybercriminals have sold more than 1.2 million user records from online game Stalker Online on a hacker forum.
Ethical hacking group CyberNews, which discovered the data breach, say hackers have gained access to personal data from players and were selling it to the highest bidder.
Researchers found two databases hosted on Shoppy.gg containing personal information such as usernames, passwords, email addresses, phone numbers and IP addresses from users of the popular MMO game.
- Best antivirus: protect yourself from scams with online security
- VPN: add a layer of extra protection thanks to a virtual private network
- Latest: Nasty Mac malware is circulating on Google with you in its sights
It’s believed that one of the databases contains over 1.2 million user records and another has more than 136,000 user records, which are being sold individually for “several hundred euros worth of bitcoin” on the black market.
Created by Australian studio BigWorld, Stalker Online is a free post-apocalyptic online game with many users in Russia and Eastern Europe. The game is available in English and Russian.
Lax security from game makers
CyberNews say the data breach exposes the lax security of the game, explaining that these records could be used to do things like:
- Facilitate credential stuffing to hack the players’ accounts on other gaming platforms
- Hold players’ game accounts to ransom
- Mount targeted phishing attacks
- Spam the victims’ emails and phones
- Brute-force the change of passwords of the email addresses
The organisation made the discovery last month when it was scanning hacker communities and came across a post from a hacker claiming that they had breached the game.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
“We regularly visit darknet marketplaces and hacker communities in order to help prevent cybercriminals from taking advantage of large-scale data breaches,” said the researchers.
“In May, we noticed that a hacker had posted a link to a page on the Stalker Online website proving that they had 'personally hacked' and placed their 'tag' on the server."
While the researchers aren’t sure if anyone has actually bought the records, they said the fact that the storefront was operational for almost a month suggests copies of the database containing 1.2 million user records may have been sold on the black market to multiple buyers.
Taking action
Since discovering the breach, CyberNews has alerted the appropriate parties.
The researchers said: “Following CyberNews guidelines, we immediately notified the developers and their parent company, Wargaming.net, about the leak and followed-up several times but received no reply.
“When we contacted shoppy.gg with a request to remove the digital storefront, they were able to remove the database on the same day.”
The researchers have urged users of Stalker Online to change their passwords immediately, especially those people using identical passwords for other online services.
“Using a unique password for each service that you sign up for will prevent attackers from reusing your password for credential stuffing attacks in order to compromise more than one of your accounts.”
- Read more: Check out our Antivirus Software Buying Guide
Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!