Gaming companies were warned to increase their cybersecurity procedures after researchers with Kela discovered 500,000 credentials associated with employees’ corporate email addresses and a million compromised internal accounts on the dark web. The accounts were connected to the top 25 publicly listed gaming organizations and included companies such as Nintendo and Ubisoft. The accounts listed for sale were for internal resources including Virtual Private Network (VPN) accounts, Single Sign-On (SSO), FTP servers, Jira servers, admin panels, and other servers that could allow the gaming companies to become victims of larger customer data theft, corporate espionage, or a ransomware attack. Many of the accounts discovered were available for free and were likely exposed after breaches from third-party firms. Threat actors use compromised accounts and credentials to establish a foothold in victim’s networks when conducting a large-scale attack.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is