The research team of the security company, Kela, decided to research the top 25 gaming companies based on revenue.
Research on dark web markets has shown that both the supply and demand of data related to this industry are increased.
Researchers have uncovered nearly one million compromised accounts related to employees and customers of gaming companies. Half of them were put up for sale last year.
Violated accounts are linked to internal resources, such as control panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and other. Data from all 25 gaming companies studied were found exposed.
That means all companies are vulnerable to violations and attackssuch as: customer data theft, corporate espionage, ransomware and more. Kela said it has detected attacks ransomware in four gaming companies in recent months.
"Recently targeted corporate internal resource credentials were for sale and therefore available to any potential intruder", Said the researchers.
"We also detected an infected computer (bot) that had credential logs for many important accounts, which could be accessed by intruders during the purchase: SSO, Kibana, Jira, adminconnect, ServiceNow, Slack, VPN, password-manager and poweradmin company - all in one bot. This strongly suggests that it is used by an employee of the company with administrator rights. This valuable bot was available for sale for less than $ 10".
Researchers also found 500.000 credentials employees of gaming companies, which are exposed to Internet from infringements by third parties. Many of these credentials are available for free and can allow attackers access in the internal networks of companies.
Kela advises gaming companies to focus on security and invest in continuous monitoring of their digital assets on the dark web. Also, staff training on issues security and Multi-factor authentication (MFA) is required.
Source: Infosecurity Magazine