Personally Identifiable Information of 2.5 million Xbox 360 and PlayStation Portable ISO forum users leaked

It has emerged that personal information and credit/debit card details of over 2.5 million gamers of the two hugely popular game forums, PlayStation and Xbox, have been leaked online, roughly a year after they were stolen in a hack. The hackers also stole users’ email IDs and IP addresses along with passwords.

The PSP ISO and Xbox 360 ISO forums specialize in providing free downloadable ISO files of gaming titles: digital copies of games lifted from physical game discs and distributed illegally. (NOTE: Downloading pirated games from unauthorized sources is not only illegal, but can also be a security risk.)

It is believed that the hack attacks took place around September 2015 and hackers stole email and IP addresses, usernames and salted MD5 password hashes of nearly 2.5 million gamers. Nobody has yet claimed responsibility for the hack.

The data has only just come to light presumably because stolen credentials are usually sold and bought for big money within private dark web underground forums and used in follow-up scams and log-in attempts.

Mark James, IT Security Specialist at ESET, said: “Hacks like these are quite common where data has been stolen and the victims are only finding out months or even years later.

“Scams and phishing attacks will try and use the valuable data to entice even more information from the unsuspecting user; that info is tested, stored and often will be used for identity theft purposes.

“Quite often people using seemingly low-security websites don’t enforce good password security because it’s not a financial target, but all data has a value and will be reused for other purposes.

“Every website should be treated as unique and require different passwords with a mix of usernames if possible.”

Security expert Troy Hunt, founder of haveibeenpwned.com, said: “Every time we see a data breach, the accounts are taken and usernames and passwords tested against other sites.

“Many times, people have reused their passwords and other accounts are consequently compromised.”

Normally, cybercriminals dump the data once they have made enough money off it, and the data is then picked up on the dark web.

Troy Hunt added: “There can be a long lead time between a breach and the data going public… There are an untold number of breaches that have already occurred that we simply don’t know about yet.”

Security experts warned gamers to be extra cautious when entering personal information into such websites. They are also urging gamers to review their security settings and change passwords on all their accounts.

“The recently disclosed data theft from the unofficial PlayStation and Xbox forums is yet another example of the need for consumers to be wary of who they provide their information to online,” said Robert Capps, vice president of security at NuData Security, who warned internet users to use unique passwords across online accounts to keep data out of the hands of cyber criminals.

“While this site is mostly used to distribute pirated copies of games, DVDs and BluRays, consumers who use the forums need to make sure that they are vigilant. Keep alert to any phishing scams that may appear in email as a result of this hack, changing passwords on any site where the passwords or usernames used on these sites are used.

“This data is likely to be sold on the Dark Web and used for future cyber crime. It’s a good reminder to choose unique passwords on all sites that require registration.”

You can check whether you have been affected by entering your email address at haveibeenpwned.com.