Ad End 1 February 2024
Ad Ends 13 January 2025
Ad End 26 February 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

One Million Compromised Accounts Found at Top Gaming Firms

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,544
Reaction score
916
Points
212
Awards
2
  • trusted user
  • Rich User
Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web.

Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue.

After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.

This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year.

Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.

This could put these firms at risk of customer data theft, corporate espionage, ransomware and more. Kela said it had tracked ransomware attacks on four gaming companies in recent months.

“Credentials to internal resources of recently attacked companies – such as VPN, website management portals, admin, Jira and more – were put up for sale and hence were available for any potential attacker prior to the cyber-attacks that occurred,” it added.

“We also detected an infected computer (bot) which had credential logs to plenty of sensitive accounts that could be accessed by attackers upon purchase: SSO, Kibana, Jira, adminconnect, ServiceNow, Slack, VPN, password-manager and poweradmin of the company – all on a single bot. This strongly suggests that it’s used by an employee of the company with administrator rights. This highly valuable bot was available for sale for less than $10.”

Elsewhere, the researchers found half-a-million gaming employee credentials exposed on the dark web after breaches at third-party firms, many of which were available for free.

These could also provide attackers with a useful foothold in victim networks, they warned.

Kela urged gaming companies to invest in ongoing monitoring of their digital assets across the dark web, as well as enhanced staff training on things like password management, and deployment of multi-factor authentication (MFA).
 
Ad End 1 February 2024
Top