Around 2.5 million Xbox and PlayStation account holders are in trouble: a year after their personal and account details were stolen from two forums, the data has now been leaked online by hackers. The forums from which the data was stolen are Xbox 360 ISO and PSP ISO. These two forums are dedicated to providing downloadable ISO files of gaming titles without any charges.
HaveIBeenPwned, a website that allows internet users to check if their personal data has been compromised by data breaches, revealed that 1.3 million PSP ISO users and 1.2 million Xbox 360 ISO users had their accounts compromised. According to the site, the attacks occurred in September 2015. During the attack, hackers stole email IDs and IP addresses of the users along with user IDs and salted MD5 password hashes.
Although the attack happened in 2015, the hackers have leaked the data online only now, and the data has probably already been bought and sold on the Dark Web marketplace. It is also suspected that the data could be used in subsequent scams and illegal log-in attempts.
According to the analysis of Mark James, ESET security specialist, such stolen data is always a prized commodity for cyber criminals since it comes in handy when carrying out scams and phishing attacks. James states that the data is valuable since it helps in enticing unsuspecting users and retrieving more information from them to conduct full-fledged identity theft.
“Quite often people using seemingly low-security websites don’t enforce good password security because it’s not a financial target, but all data has a value and will be reused for other purposes. Every website should be treated as unique and require different passwords with a mix of usernames if possible,” explained Mark.
Javvad Malik, security advocate at AlienVault, says that “Gaming forums have been a favored target in recent months. Typically they have weaker security, so it is easier for attackers to gain access to the passwords. Attackers rely on the fact that most users will reuse the forum password on other sites. While user education into the dangers of choosing easily guessed, or re-using passwords should continue, companies need to evaluate all their digital assets equally from a security perspective. There is no such thing as a ‘low priority’ public site wherever a user account resides. Secondly, these attacks highlight the importance of effective security monitoring controls that can help detect threats underway in a timely manner. In this day and age, discovering a breach over a year after the attack is an eternity.”
Previously, gaming giants including Epic Games, LifeBoat, Envoy, ESEA, the Clash of Clans forum and several other gaming companies suffered data breaches, and millions of accounts were leaked online. If you have an account on PSP or Xbox forums, change its password as soon as possible.