Gamers warned to swerve phish-hooks after forum breach
2.5 million account details potentially exposed
The personal details of 2.5 million gamers have been leaked following a breach of unofficial Xbox 360 and PSP forums.
XBOX360 ISO and PSP ISO were hacked in 2015, but the extent of the leak only became public this week. Private details of 2.5 million PlayStation and Xbox users, including email addresses, account passwords and IP addresses, have potentially been exposed.
Ollie Hart, head of enterprise and cyber security, UKI at Fujitsu, said: "The fact that this breach remained undetected for almost a year and a half is alarming, and once again highlights the advanced methods hackers will use to steal sensitive data."
The breach illustrates the importance of consumers ensuring they use different passwords for different applications.
Robert Capps, VP of business development at NuData Security, said: "The recently disclosed data theft from the unofficial PlayStation and Xbox forums is yet another example of the need for consumers to be wary of who they provide their information to online.
"While this site is mostly used to distribute pirated copies of games, DVDs and Blu-rays, consumers who use the forums need to make sure that they are vigilant. Keep alert to any phishing scams that may appear in email as a result of this hack, changing passwords on any site where the passwords or usernames used on these sites are used."
Javvad Malik, IT security advocate at AlienVault, added: "Gaming forums have been a favoured target in recent months. Typically they have weaker security, so it is easier for attackers to gain access to the passwords. Attackers rely on the fact that most users will reuse the forum password on other sites."
Chris Boyd, a security researcher at Malwarebytes, commented: "Given that many of the links to the games on offer were reported to be pirated ISOs, this does mean there would be great potential for blackmail here on the part of the hackers. Smart individuals would make use of the data to get in touch with victims by alternate means (related email addresses or social media accounts), threatening to reveal their download habits unless they pay up."
"While password re-use across multiple sites is always a bad idea, in this case dabbling in potentially illegal files likely caused a few sleepless nights for the victims once details of the breach were made public," he added. ®