- Aug 17, 2014
Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web.
Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue.
After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.
This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year.
Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.
This could put these firms at risk of customer data theft, corporate espionage, ransomware and more. Kela said it had tracked ransomware attacks on four gaming companies in recent months.
“Credentials to internal resources of recently attacked companies – such as VPN, website management portals, admin, Jira and more – were put up for sale and hence were available for any potential attacker prior to the cyber-attacks that occurred,” it added.