Date: 2021-01-04

One Million Compromised Accounts Found at Top Gaming Firms

Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web.

Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue.

After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.

This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year.

Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.

This could put these firms at risk of customer data theft, corporate espionage, ransomware and more. Kela said it had tracked ransomware attacks on four gaming companies in recent months.

“Credentials to internal resources of recently attacked companies – such as VPN, website management portals, admin, Jira and more – were put up for sale and hence were available for any potential attacker prior to the cyber-attacks that occurred,” it added.

“We also detected an infected computer (bot) which had credential logs to plenty of sensitive accounts that could be accessed by attackers upon purchase: SSO, Kibana, Jira, adminconnect, ServiceNow, Slack, VPN, password-manager and poweradmin of the company – all on a single bot. This strongly suggests that it’s used by an employee of the company with administrator rights. This highly valuable bot was available for sale for less than $10.”

Elsewhere, the researchers found half-a-million gaming employee credentials exposed on the dark web after breaches at third-party firms, many of which were available for free.

These could also provide attackers with a useful foothold in victim networks, they warned.

Kela urged gaming companies to invest in ongoing monitoring of their digital assets across the dark web, as well as enhanced staff training on things like password management, and deployment of multi-factor authentication (MFA).
