[BreachExchange] Stalker Online Breach: 1.3 Million User Records Stolen

Destry Winant destry at riskbasedsecurity.com
Mon Jun 29 10:35:02 EDT 2020


Security researchers are warning players of a popular MMO game that
over 1.3 million user records are being sold on dark web forums.

Usernames, passwords, email addresses, phone numbers and IP addresses
belonging to players of Stalker Online were found by researchers from

The firm explained that the passwords were stored only as MD5 hashes,
and MD5 is one of the less secure hashing algorithms around.

Two databases were found on underground sites as part of a dark web
monitoring project undertaken by the research outfit, one containing
around 1.2 million records and another of 136,000 records.

It appears as if a hacker compromised a Stalker Online web server
before stealing the user data and posting a link on its official
website as proof.

After confirming the data for sale was genuine, the researchers tried
and failed to get in touch with Australian developer BigWorld
Technology and its parent company, Cyprus-based Wargaming.net.

Both databases were hosted on legitimate e-commerce site Shoppy.gg,
which removed the content within a day of being advised by the white hats.

“However, the fact that the storefront was operational for almost a
month may suggest that copies of the database containing 1.2 million
user records may have been sold on the black market to multiple
buyers,” they explained.

“In addition, the removal of the databases from the e-commerce
platform does not preclude the hacker from putting them up for sale
someplace else. This means that all Stalker Online players should
consider their records to still be compromised.”

Although the stolen information didn’t contain any financial data,
there’s plenty that cyber-criminals could do with the haul, including
credential stuffing, follow-on phishing attacks, email and phone spam,
cracking open the email passwords and even holding the gaming accounts
themselves ransom.

“Since Stalker Online is a free-to-play game that incorporates
micro-transactions, malicious actors could also make a lot of money
from selling hacked player accounts on the grey market,” the
researchers said.
