2.5m Xbox and PlayStation forum logins stolen

Hackers hit unofficial gaming forums for Xbox and PSP

Criminals have stolen the usernames and passwords of up to 2.5 million Xbox and PlayStation users, according to hack monitoring website haveibeenpwned.com.

The information was reportedly lifted from unofficial popular gaming forums, 'Xbox360 ISO' and 'PSP ISO', where gamers can share links to download free and pirated versions of popular games for the two consoles.

The breach happened in 2015, when hackers broke into the forums and stole 1.3 million account details from the PSP ISO forum and 1.2 million from the Xbox forum, according to the Daily Mail, but the details are only now being revealed after the hackers shared the details online.

Troy Hunt, the security researcher behind haveibeenpwned.com, said the usernames, passwords and IP addresses for the affected accounts are probably available to buy on the dark web.

"Data breaches are often sold via dark websites or within closed trading circles," Hunt told the Mail. "The prevalence of password reuse means that a relatively benign site can hold credentials that unlock far more valuable resources, for example, email or social media accounts."

He added that once hackers have reused passwords to try and access victims' accounts for other services, or if people have changed their passwords for these other services, they can put the data up for sale online.

"Once a site or impacted members knows there's been a breach, the data becomes less valuable as people change passwords and do other things to protect their identities," he explained.

The news comes shortly after Polish game development studio CD Projekt RED, which makes the Witcher videogame series, had more than 1.8 million user credentials stolen from its online forum.

No one has yet claimed responsibility for the Xbox and PSP forum attacks, but anyone who is concerned they have been targeted by the hackers can check whether their details were part of the database stolen on haveibeenpwned.com.

"This data is likely to be sold on the dark web and used for future cyber crime," Robert Capps, vice president of security at NuData Security told the Telegraph. "Keep alert to any phishing scams that may appear in email as a result of this hack, changing passwords on any site where same password or username are used.

"It's good to remember to choose unique passwords on all sites that require registration."

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

What is DevSecOps and why is it important?
Security

What is DevSecOps and why is it important?

30 Oct 2020
Weekly threat roundup: NHS COVID-19 app, Nvidia, and Oracle
Security

Weekly threat roundup: NHS COVID-19 app, Nvidia, and Oracle

30 Oct 2020
Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020