The popular MMO game Stalker Online has been hacked, and a database containing more than 1.2 million user records has been posted for sale on the dark web. Separately, another database of 136,000 records from the same platform is reported to be advertised for sale on the hidden web.
For context, Stalker Online is an Aussie-developed site that offers free games that have become a favorite among Russian and Eastern European audiences. The breached data dump is said to contain gamers’ usernames, passwords, email addresses, cellphone numbers and IP addresses.
How Was the Database Discovered?
CyberNews, an online source for tech news, product reviews and analytics, is credited with discovering the database through its routine dark web monitoring exercise, which involves regular scans of various darknet marketplaces and hacker forums in an effort to raise red flags on large-scale data breaches.
According to CyberNews, the platform’s dark web monitoring project came across a thread in a hacker community on May 5 about the stolen Stalker Online database, which had been posted for sale to interested parties.
The site reported that the hacker involved had posted a link to one of the pages on Stalker Online’s website as evidence of their successful attack against the gaming platform’s server.
Further, CyberNews had one of its researchers buy the breached database undercover to verify the legitimacy of the data dump. After numerous tests, it turned out that the user records found within the hacked Stalker Online database were genuine, including the fact that the email addresses accessed by the hacker worked.
CyberNews reported that they failed to get BigWorld Technology, the Australian company behind Stalker Online, and Wargaming.net to assist its developers in figuring out the identities of the compromised accounts.
Database Can Be Accessed for Bitcoin
CyberNews says that the hacked Stalker Online databases were hosted on Shoppy.gg and were made publicly available for download in exchange for Bitcoin.
At this point, it is unknown whether other parties have moved in to purchase the compromised databases. Nonetheless, any cybercriminal with basic knowledge of the value of the stolen data and some money to spare could easily access the databases.
According to CyberNews, their team reached out to the online marketplace that accommodates the Stalker Online hacker’s cybershop, and the databases were reportedly pulled down by May 29.
Still, the fate of the stolen databases is not very clear, considering that the hacker’s cybershop had been running for almost four weeks, which suggests that the cybercriminal had succeeded in trading copies of the stolen database via the dark web to a host of interested buyers.
Further, CyberNews acknowledges that the simple act of removing the compromised databases from the online marketplace may mean that the hacker had resolved to sell the more than 1.2 million user records elsewhere.
What Are the Risks?
It goes without saying that all Stalker Online players should treat their user records as compromised.
While all Stalker Online players should visit the CyberNews data leak checker to figure out whether their records are safe, cybercriminals may use the compromised data in a number of ways.
First, credential stuffing may be employed to target the user accounts on other gaming sites. Cybercriminals may gain access to these site accounts and hold players’ game accounts for ransom.
Second, the stolen user records may be exploited by threat actors to spam victims’ email accounts and cellphones. Targeted phishing campaigns may also easily turn out to be an outcome of this data breach, a situation that could have devastating effects on affected users and on Stalker Online at large.