We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,227 News Articles

Symantec discovers 44 million stolen gaming credentials

Accounts were being validated by a Trojan

A server hosting the credentials of 44 million stolen gaming accounts, has been discovered by Symantec.

Furthermore, the security vendor said one of the most surprising aspects of the find is that the accounts were being validated by a Trojan distributed to compromised computers.

The purpose of this Trojan-based validation is apparently to figure which credentials are valid and can be sold.

Symantec is calling this the Trojan.Loginck, and as described in a blog by Symantec researcher Eoin Ward, the database of stolen information includes about 210,000 stolen accounts for World of Warcraft, 60,000 for Aion, two million for PlayNC and 16 million for Wayi Entertainment, all of which were being sold online.

Symantec is recommending users of these sites change their passwords.

"The particular database server we uncovered seems very much at the heart of this operation - part of a distributed password checker aimed at Chinese gaming sites. The stolen login credentials are not just from particular online games, but include user login accounts associated with sites that host a variety of online games," Ward said.

In his blog, Ward says to turn the gaming credentials into cash, the cybercrooks have apparently written a program that checks the login details using Trojan.Loginck to make sure they are valid, which is easier than trying to log into gaming sites 44 million times.

The value of stolen accounts credentials can range from $35 (£24) to several thousand dollars, according to Symantec's research, which sought a rough market value based on prices associated with Playerauctions.com, described as a legitimate web site to protect buyer and seller against fraud.

"Most botnets have the ability to download and run files, so why not push a custom piece of malware to each bot? The malware could log on to the database and download a group of user names and passwords in order to check them for validity," Ward said.

The database in question was holding 17GB of flat file data, and Symantec analysed its attempts to validate passwords for Wayi Entertainment. There are said to be credentials for at least 18 gaming websites in the database.

See also: 1.5 million stolen Facebook IDs up for grabs


IDG UK Sites

8 cheapest 4G smartphones in the UK 2014: Best budget 4G phones

IDG UK Sites

Apple MacBook Air lab tests and benchmarks: 11-inch & 13-inch, 256GB, 2014 Mac laptops tested

IDG UK Sites

How to prank people using Google Glass

IDG UK Sites

Brian Cox to step into will.i.am's shoes with IBC keynote