The personal and account details of 2.5 million Xbox and Playstation forum users have turned up online, over a year after they were stolen, it has emerged.
The forums in question are Xbox 360 ISO and PSP ISO – two sites which specialize in providing downloadable ISO files from gaming titles for free.
Some 1.3m PSP ISO users and 1.2m Xbox 360 ISO users have had their accounts compromised, according to the HaveIBeenPwned? site.
It's thought the attacks took place around September 2015 and breached email and IP addresses, usernames and salted MD5 password hashes – which are relatively easy for hackers to crack.
The data has only just come to light presumably as it has been bought and sold on the dark web and used in follow-up scams and log-in attempts.
“Scams and phishing attacks will try and use the valuable data to entice even more information from the unsuspecting user; that info is tested, stored and often will be used for identity theft purposes,” argued ESET security specialist, Mark James.
“Quite often people using seemingly low security websites don't enforce good password security because it's not a financial target, but all data has a value and will be reused for other purposes. Every website should be treated as unique and require different passwords with a mix of usernames if possible.”
Ollie Hart, head of enterprise & cybersecurity, UKI at Fujitsu, added that it’s become relatively easy for hackers to bypass perimeter controls via phishing emails.
“Get on the front-foot, be proactive and get a layered defense in place that will enable real-time threat reporting and fast solutions before a threat becomes a compromise,” he added. “Key to this is the use of threat intelligence and other information sources.”
Gaming forums have become a popular target for hackers over the past few months, as they are seen as having typically weak security.
GTAGaming and Epic Games both suffered incidents last year.