Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web.
Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue.
After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.
This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year.
Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.
This could put these firms at risk of customer data theft, corporate espionage, ransomware and more. Kela said it had tracked ransomware attacks on four gaming companies in recent months.
“Credentials to internal resources of recently attacked companies – such as VPN, website management portals, admin, Jira and more – were put up for sale and hence were available for any potential attacker prior to the cyber-attacks that occurred,” it added.
“We also detected an infected computer (bot) which had credential logs to plenty of sensitive accounts that could be accessed by attackers upon purchase: SSO, Kibana, Jira, adminconnect, ServiceNow, Slack, VPN, password-manager and poweradmin of the company – all on a single bot. This strongly suggests that it’s used by an employee of the company with administrator rights. This highly valuable bot was available for sale for less than $10.”
Elsewhere, the researchers found half a million gaming employee credentials exposed on the dark web after breaches at third-party firms, many of which were available for free.
These could also provide attackers with a useful foothold in victim networks, they warned.
Kela urged gaming companies to invest in ongoing monitoring of their digital assets across the dark web, enhanced staff training on topics such as password management, and deployment of multi-factor authentication (MFA).