Over 500,000 Leaked Credentials Tied to Top Gaming Companies Up for Grabs on The Darknet

Threat intelligence firm Kela Research discovered over 500,000 leaked credentials belonging to employees of leading companies in the gaming sector up for grabs on the darknet. In the past three months, the experts also observed four ransomware incidents impacting gaming developers and publishers.

Gaming Industry an Attractive Target

With people being stuck at home during the pandemic, the gaming industry is soaring in popularity. Today, it’s one of the most profitable industries in the world. Moreover, the global games market is expected to grow even further in the coming years, from approximately $175 billion in 2020 to $218 billion in 2023. About half of all consumer spending on games comes from the US and China.

Looking at these figures, it’s no wonder that gaming companies are an attractive target for cybercriminals. Especially when considering that some up and coming players in the industry don’t take their security half as seriously as their growth and profits.

“Though this industry isn’t valued at the trillions of dollars that the financial industry may be valued at, it still checks off boxes for two key factors that many profit-driven cybercriminals tend to seek: increase profits and minimize the complexity of the process in order to do so”, Kela states.

Number of Threats Increases

In order to assess the threat landscape of the gaming industry, Kela has been monitoring underground markets for years. In the past two months, they’ve also closely observed and interacted with several actors looking to access gaming companies’ networks.

One Russian-speaking actor explicitly stated that he wanted to access developers of Xbox, Nintendo, Qualcomm and Apple networks. Another example shows data, including FTP credentials, up for sale belonging to a major Japanese video game developer.

The researchers also pointed out that, just recently, there have been a number of high-profile ransomware attacks. Japanese developer Capcom was hit with a cyberattack in December. Game developer Crytec and publisher Ubisoft suffered the same fate just weeks prior.

1 Million Compromised Accounts

Over the last 2.5 years Kela also found almost 1 million compromised accounts belonging to clients and employees of leading gaming companies. Compromised accounts originate from infected computers, known as bots. These are usually infected with trojans or other types of malware.

“It’s important to note that we detected compromised accounts to internal resources of nearly every company in question”, Kela explained. “These resources are meant to be used by employees for Admin panels, VPNs, Jira instances, FTPs, SSOs, dev-related environments, and the list goes on and on.”

Bots are sold on the darknet, with new listings added daily. For a couple of dollars per bot, threat actors have access to victims’ computers. This in turn gives them access to a range of desirable services, like corporate portals, social media accounts, bank accounts and much more.

500,000 Credentials Up for Grabs

Kela discovered over 500,000 leaked credentials belonging to employees of top gaming companies. Some of the credentials available for sale included high-profile email addresses belonging to executives and senior employees. These are generally very significant and can be used to carry out business email compromise (BEC) scams or spear-phishing campaigns.

“It’s worth highlighting that Kela’s caching capabilities allows visibility into additional context of leaked credentials, such as associated passwords to a certain email address, previous leaks of a specific email address and more. As part of our regular review, we unfortunately still come across a great deal of re-use of passwords.”

Organizations in the gaming sector would do well to invest in cybersecurity. “This begins with security training to employees, including raising awareness to employees about the risks presented above, enforcing password changes, and implementing unique password use and MFA policies.”