640K PlayStation Accounts for Sale on the Darknet
A vendor under the name “SunTzu583” listed 640,000 PlayStation user accounts on TheRealDeal marketplace. Unlike many database dumps, these accounts landed on the darknet, fully decrypted and in plaintext. SunTzu583 never explained where the accounts came from but said the username and password combo worked with PlayStation-related activities.
The plaintext username and password combination worked for the PlayStation Network and PlayStation branded websites, the vendor wrote. However, as with any username and password dump, he added that the login combination worked elsewhere—in principle.
The usernames and passwords took the form of email addresses in plain text passwords. Anyone with access to both pieces of information could easily plug them into other websites with potentially shared credentials. In the past, with other gaming hacks, game discussion boards and forums fell victim to the shared credential issue.
HackRead explained that game forums often fall victim to attacks and subsequent database dumps.
SunTzu583 claimed the email addresses and passwords came from a server not owned by PlayStation. A third party forum usually took first place as the most likely breached database in other, similar instances. In August, 2016, hackers released data from GTAGaming.com, a forum centered around the discussion of the PlayStation, Xbox, and PC game “Grand Theft Auto.”
The database contained DoBs, email addresses, names, and IP addresses. According to the admin of GTAGaming.com, he knew a beach occurred at some point in the past but only knew the hackers leaked the data in August. The admin there, too, recommended that forum users change their passwords on any other site with shared credentials.
“We believe our forum database has recently been compromised, which has given hackers access to email addresses, hashed passwords, and any other details you may have saved in your profiles. Upon logging into the site you will find you are forced to change your password, and shortly we will be force resetting all passwords not updated. We also recommend changing your password on any site(s) that may have used the same one.”
We reported, too, on the recent uTorrent forum database dump. Nearly 400,000 uTorrent accounts found their way onto TheRealDeal marketplace for $600. The sell price was a significant difference between that listing and this PlayStation one. SunTzu583 listed 640,000 plaintext, decrypted accounts for $35.00. The uTorrent account listing contained a mixture of different encryptions but no plaintext credentials.
Regardless, forums—whether game forums or otherwise—find themselves targeted often. HackRead added “PSN users are not the only one to suffer. Currently, gaming giants including Epic Games, LifeBoat, Envoy, ESEA, Clash of Clans forum, etc. are also having their data sold on Dark Web marketplaces.”