Botnet used to validate the accounts before sale

May 28, 2010 14:55 GMT  ·  By

Symantec security researchers have located a server hosting a database of 44 million stolen online gaming logins. The credentials were lifted from infected computers with the help of an information-stealing trojan and were most likely being sold on the underground market.

The massive cache was discovered after analyzing a malware sample tasked with validating the stolen logins. Called Trojan.Loginck, this malicious program extracts sets of credentials from the database and attempts to authenticate with them.

"This particular database server we uncovered seems very much to be the heart of the operation—part of a distributed password checker aimed at Chinese gaming websites. The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games. In both cases the accounts contained in the database have been obtained from other sources, most likely using malware with information-stealing capabilities, such as Infostealer.Gampass," Eoin Ward, a Symantec security expert, explains.
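The distributed password checker described above leaves a recognisable footprint on the target site's authentication logs: one source tries many distinct accounts once or twice each, rather than hammering a single account. The following is an added detection example written for this article, not code from Symantec or from the report; the log format and the sample lines are constructed, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (hypothetical format, not from the article).
# 198.51.100.7 behaves like a credential checker: six accounts, one attempt each.
# 203.0.113.5 behaves like a real user mistyping a password for one account.
SAMPLE_LOG = """\
2010-05-28T14:01:02Z login FAIL user=alpha01 src=198.51.100.7
2010-05-28T14:01:03Z login FAIL user=bravo22 src=198.51.100.7
2010-05-28T14:01:03Z login OK   user=charlie9 src=198.51.100.7
2010-05-28T14:01:04Z login FAIL user=delta_x src=198.51.100.7
2010-05-28T14:01:05Z login FAIL user=echo77 src=198.51.100.7
2010-05-28T14:01:06Z login FAIL user=foxtrot src=198.51.100.7
2010-05-28T14:02:10Z login FAIL user=golf12 src=203.0.113.5
2010-05-28T14:02:11Z login FAIL user=golf12 src=203.0.113.5
2010-05-28T14:02:15Z login OK   user=golf12 src=203.0.113.5
2010-05-28T14:03:00Z login OK   user=hotel3 src=192.0.2.44
"""

LINE_RE = re.compile(r"login (?P<result>OK|FAIL)\s+user=(?P<user>\S+) src=(?P<src>\S+)")

def parse(log_text):
    """Yield (src, user, succeeded) for every parseable login line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("user"), m.group("result") == "OK"

def find_checker_sources(log_text, min_users=5, max_attempts_per_user=2.0):
    """Return {src: (distinct_users, attempts, successes)} for sources that look
    like a password checker: many distinct accounts, few attempts per account.
    A single-account brute force has the opposite shape and is not flagged here."""
    users = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for src, user, ok in parse(log_text):
        users[src].add(user)
        attempts[src] += 1
        successes[src] += ok          # bool counts as 0 or 1
    flagged = {}
    for src in attempts:
        n = len(users[src])
        if n >= min_users and attempts[src] / n <= max_attempts_per_user:
            flagged[src] = (n, attempts[src], successes[src])
    return flagged
```

The successes recorded for a flagged source are the accounts the checker just confirmed as valid, so those are the credentials to reset first.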

According to the Symantec report, there are credentials for at least 18 online games and gaming networks in the database, many of which operate in Asia. That's not surprising, considering that Asia is one of the biggest online gaming markets, and one where the practice of selling accounts or virtual currency is very common.

It is very clear that the people behind this operation planned on monetizing the stolen information, but selling online gaming accounts is not as straightforward as selling stolen email credentials or even credit-card data. That's because the buyers are interested in the game characters behind these accounts, which also influences their ultimate price.

For example, on a legitimate player auction website, a World of Warcraft account might sell for anywhere between $35 and $28,000, depending on how well the character is developed. There are 210,000 stolen WoW credentials in the database discovered by Symantec, along with two million for PlayNC and 60,000 for Aion. PlayNC is an online gaming network covering titles such as Lineage II, Guild Wars, and City of Heroes, while Aion is another popular MMORPG. However, the highest number of compromised accounts, 12 million, is for a Taiwan-based gaming network called Wayi Entertainment.

You can follow the editor on Twitter @lconstantin