Popular online shooter leaks 1.2 million user records: What to do

stalker online details sold to dark web
(Image credit: Shutterstock)

Cybercriminals have sold more than 1.2 million user records from online game Stalker Online on a hacker forum.

Ethical hacking group CyberNews, which discovered the data breach, say hackers have gained access to personal data from players and were selling it to the highest bidder.

Researchers found two databases hosted on Shoppy.gg containing personal information such as usernames, passwords, email addresses, phone numbers and IP addresses from users of the popular MMO game.

It’s believed that one of the databases contains over 1.2 million user records and another has more than 136,000 user records, which are being sold individually for “several hundred euros worth of bitcoin” on the black market.

Created by Australian studio BigWorld, Stalker Online is a free post-apocalyptic online game with many users in Russia and Eastern Europe. The game is available in English and Russian.

Lax security from game makers

CyberNews say the data breach exposes the lax security of the game, explaining that these records could be used to do things like:

  • Facilitate credential stuffing to hack the players’ accounts on other gaming platforms
  • Hold players’ game accounts to ransom
  • Mount targeted phishing attacks
  • Spam the victims’ emails and phones
  • Brute-force the change of passwords of the email addresses

The organisation made the discovery last month when it was scanning hacker communities and came across a post from a hacker claiming that they had breached the game.

“We regularly visit darknet marketplaces and hacker communities in order to help prevent cybercriminals from taking advantage of large-scale data breaches,” said the researchers.

“In May, we noticed that a hacker had posted a link to a page on the Stalker Online website proving that they had 'personally hacked' and placed their 'tag' on the server."

While the researchers aren’t sure if anyone has actually bought the records, they said the fact that the storefront was operational for almost a month suggests copies of the database containing 1.2 million user records may have been sold on the black market to multiple buyers.

Taking action

Since discovering the breach, CyberNews has alerted the appropriate parties.

The researchers said: “Following CyberNews guidelines, we immediately notified the developers and their parent company, Wargaming.net, about the leak and followed-up several times but received no reply. 

“When we contacted shoppy.gg with a request to remove the digital storefront, they were able to remove the database on the same day.”

The researchers have urged users of Stalker Online to change their passwords immediately, especially those people using identical passwords for other online services.

“Using a unique password for each service that you sign up for will prevent attackers from reusing your password for credential stuffing attacks in order to compromise more than one of your accounts.”

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!