Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews.
The firm explained that the passwords were stored only in MD5, which is one of the less secure encryption algorithms around.
Two databases were found on underground sites as part of a dark web monitoring project undertaken by the research outfit, one containing around 1.2 million records and another of 136,000 records.
It appears as if a hacker compromised a Stalker Online web server before stealing the user data and posting a link on its official website as proof.
After confirming the data for sale was genuine, the researchers tried and failed to get in touch with Australian developer BigWorld Technology and its parent company, Cyprus-based Wargaming.net.
Both databases were hosted on legitimate e-commerce site Shoppy.gg, which removed the content when advised by the white hats within a day.
“However, the fact that the storefront was operational for almost a month may suggest that copies of the database containing 1.2 million user records may have been sold on the black market to multiple buyers,” they explained.
“In addition, the removal of the databases from the e-commerce platform does not preclude the hacker from putting them up for sale someplace else. This means that all Stalker Online players should consider their records to still be compromised.”
Although the stolen information didn’t contain any financial data, there’s plenty that cyber-criminals could do with the haul, including credential stuffing, follow-on phishing attacks, email and phone spam, cracking open the email passwords and even holding the gaming accounts themselves ransom.
“Since Stalker Online is a free-to-play game that incorporates micro-transactions, malicious actors could also make a lot of money from selling hacked player accounts on the grey market,” the researchers said.
Source: Infosecurity Magazine