The research team of the cybersecurity firm Kaspersky discovered
34 million passwords stolen from the video game Roblox
, one of the most popular in the world and widely played by kids.
Furthermore, in 2023 the number of passwords stolen from OpenIA, the company that owns ChatGPT, the most used chatbot in the world, has already multiplied by 33.
According to experts at Kaspersky Digital Footprint, the passwords were stolen using
infostealers
, a type of malware designed to steal user logins and passwords that infect personal and corporate devices through
phishing
and other methods.
Roblox, which has about 216 million active users each month, is a game that allows you to create other games and servers so that gamers can not only interact through the game but also hang out, chat, and chat.
“The sale of access credentials to compromised accounts occupies an important part of the dark web market.
Cybercriminals usually buy and sell them from various online platforms and services,” explained Kaspersky.
"The credentials in question come from the activity of infostealers, a specialized form of malware designed to steal user passwords for cyberattacks, dark web sales or other malicious activities," added Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence.
What is an “infostealer”
Passwords, one of the most common targets of infostealers.
Photo: Shutterstock
As its name indicates, an infostealer is a program that steals information.
Typically, depending on the type of attack the threat actor is carrying out, they target sensitive information both to take financial assets and access to systems.
They were popularized in recent years by
ransomware
, a type of malware that encrypts files to make them inaccessible and demand a ransom in return.
“An infostealer is malware that was originally an addition to ransomware, in which not only the data was encrypted, but a lot of information about the affected target [victim] was also exfiltrated.
It was used as a double extortion: you pay me and I give you the key to decrypt the files.
But since many times the affected party had a backup, the cybercriminal applied a second stage that involved publishing the information to damage the image and cause reputational damage,”
Joaquín Rodríguez Varela, co-founder and security researcher at Patagonia Security, explained to
Clarín .
Now, the theft of personal information is very useful beyond this extortion technique: there is data that is a value in itself.
“This information also serves to obtain other benefits, which is why it is often sold on the dark web.
What is usually stolen are access credentials because they are very useful;
cookies, because they can terminate initiated sessions
and control accounts;
bank account wallets
and what is usually most interesting are corporate accounts, access to company networks,” adds the specialist from the offensive cybersecurity company.
The best known on the black market are
Raccoon and RedLine Stealer
, but as researchers find new information, new ones appear.
For example, this week, Cisco Talos discovered a new campaign that started in November last year in Mexico, called "Timbre Stealer", a "broad spectrum" infostealer.
That is, it steals information of all kinds.
“Many of the news that you see in the media has to do with credentials purchased on the black market.
Nowadays, if you have a company credential and you can access the VPN, it means
game over
.
For the attacker it is very valuable because it serves many purposes.
At the end of the day, cybercriminals monetize the theft of information to the maximum, compromise a victim with ransomware and then monetize that stolen information in underground forums,” concludes Rodríguez Varela.
Roblox, a very attacked target
Roblox is a free online and social multiplayer game in which participants can shape their worlds with pieces of different sizes and materials.
According to Kaspersky research, “between 2021 and 2023,
almost 34 million Roblox accounts
were attacked and published on the dark web, making the game a very fruitful target for cybercriminals who use malware to steal information.
It is worrying that the number of accounts compromised for this popular children's game has been gradually increasing each year: in the last three years, this figure increased by 231%, going from approximately
4,700,000 in 2021 to 15,500,000 in 2023.
For the period taken, many of those keys may have already been changed, although generally,
password hygiene
is not something that the average user takes into account and, even compromised, many leave them the same.
Overall, the average number of compromised accounts on a combination of 11 other random popular platforms or games (Twitch, Electronic Arts,
PlayStation
, and Steam, among others)
increased 112% since 2021
, they add.
"The reason there is so much theft of login credentials associated with Roblox is that children are among the most vulnerable audience, as they are susceptible to various types of social engineering. For example, cybercriminals can hide programs "Theft of information in files containing cheat codes to deceive young gamers.
In some cases, this deception may appear authentic
, as malicious download links may be posted on legal and popular social media platforms such as YouTube," it adds. Yuliya Novikova.
Now, why are video games like Roblox attacked?
The number of users that this platform has is a first point in favor of the attacker, who, they explain, “target game accounts to
steal valuable elements, such as real money,
in-game currency and various in-game items, such as
expensive skins
. ”
“Steam accounts seem to be more attractive to cybercriminals because of the possibility of finding and stealing real money in them.
Roblox accounts
can be exploited to steal Robux, the in-game currency
, to obtain items, or to access premium accounts that allow items to be transferred to other accounts.
Although users must take extreme precautions, platform managers must reinforce protection by quickly tracking and blocking compromised accounts through specialized services," concludes the head of Kaspersky Digital Footprint Intelligence.
AI, on the attackers' menu
ChatGPT, the most used chatbot, is also a frequent target of attacks.
AP Photo
The investigation also revealed that credentials for artificial intelligence services, such as image editing, translation, text adjustment,
chatbots or voice generators
, also gained popularity among attackers.
“Over the past three years, for example, more than one million app user credentials (logins and passwords) from the
AI-
powered online graphic design tool
Canva
were compromised with data-stealing malware.
Additionally, data from Kaspersky Digital Footprint Intelligence showed that these credentials appeared on dark web forums and Telegram channels.
Another popular
AI writing assistant, Grammarly
, had about
839,000 user passwords
stolen between 2021 and 2023,” they explained.
OpenAI
, widely used massively due to the popularity of ChatGPT, was also the protagonist of a leak as a result of the activities of cybercriminals: almost
688,000 credentials for the company's services,
including ChatGPT, were compromised between 2021 and 2023 and were found in clandestine channels.
“In particular, in the last year of widespread chatbot adoption, the number of leaked logins and passwords increased almost 33-fold in 2023 compared to the previous year, reaching approximately 664,000,” they explained.
For this reason, among the recommended measures to prevent our accounts from being compromised, it is recommended:
As these are games that children use a lot, the family role is key when it comes to explaining the risks of account compromise, from identity theft to losing game progress.
It is important to protect all devices used with a trusted security solution.
Use
a different password for each service
.
Thus, even if cybercriminals steal one of the accounts, it will not affect the rest.
It is preferable to use password managers instead of always repeating the same password in all services.
Whenever possible, protect accounts with
two-factor authentication.
If not, it is key to review the account settings.
In a company, organize proactive monitoring of the dark web to identify compromised accounts before they impact the cybersecurity of customers and employees.