This week, Cyber News researchers announced that cyber thieves are offering for sale more than 1.3 million user records from the free-to-play Stalker Online MMO game on dark web marketplaces.
The data leak was discovered by the team overseeing the dark web-monitoring project implemented by the independent cybersecurity research publication, and contains personally identifiable information such as email addresses, usernames, passwords (MD5 hashed and salted), phone numbers and IP addresses.
Apparently, two separate data dumps were on sale. The first contains over 1.2 million user records, while the second includes over 136,000 user records from Stalker Online forums.
To verify the validity of the data, researchers purchased the database from the attacker, and after a thorough analysis, determined that the data samples and email addresses were indeed genuine.
According to an announcement by the researchers, the trove of data was found on May 5, after the attacker opened a Stalker Online database thread on a dark web forum.
As proof of his successful server compromise, the hacker also posted a link that directs users to a page on the official Stalker Online website containing the intruder’s message.
“The security of this web server has been compromised and all of your files and userdata are now in our possession,” the message reads. “Contact us on [redacted] for assistance in securing your web server. If not reach within 24 hours – data gathered will be posted for all to download.”
Researchers contacted the game developers and parent company on May 8, but no reply or comment was received. However, the team managed to get in touch with the e-commerce platform Shoppy.gg, where the attacker was storing the exfiltrated data. On May 29, the database was removed from the platform.
“Both databases were hosted on Shoppy.gg and were available for anyone to download for several hundred euros worth of Bitcoin,” the report said. “It’s currently unknown if anyone else bought and downloaded the databases, but we assume that anyone who had money to spare and knew where to look could have accessed the databases during the exposure period.”
The game has an extensive reach in Russia and Eastern Europe, and gamers are advised to immediately change the password to their online account. Recovering plaintext passwords from salted MD5 hashes is possible, and with the plaintext password combined with the email address, users are exposed to account takeover attacks.