Stalker Online hacked! Over one million gamers’ passwords made available for download

Stalker Online hacked! Over one million gamers' details put on sale

More than one million players of the video game Stalker Online have been put at risk after hackers offered their details for sale on the darknet.

As Cybernews reports, a database containing over 1.2 million Stalker Online user records is being sold on hacking forums. Separately, another database which is said to contain more than 136,000 records from the game’s forums is also being offered for sale.

Cybernews says it found the database for sale on a popular hacking forum on May 5, with a link to a defaced page on the Stalker Online website offered as “proof” that the game’s servers had been hacked.

Defaced Stalker Online webpage. Source: Cybernews.

The security of this web server has been compromised and all your files and userdata are now in our possession.

Contact us on [REDACTED] for assistance in securing your web server. If not reach within 24 hours – data gathered will be posted publicly for all to download

Of course, a defaced webpage is not evidence of a data breach. Controversially, Cybernews purchased the user database from the hacker, and says that it was able to confirm that the samples of the Stalker Online database “are genuine and the email addresses therein are deliverable.”

Purchasing stolen data from cybercriminals makes me extremely uncomfortable. It could be argued that anyone purchasing hacked databases – whether it be security researchers, journalists, or criminal fraudsters – is encouraging further hacks to occur by generating a demand for more stolen data.

The database, which is being offered for sale for “several hundred Euros worth of Bitcoins”, contains 1,289,084 Stalker Online player records, including usernames, account passwords, email addresses, phone numbers, and IP addresses.

Passwords are MD5 hashed and salted, which is certainly better than if they were held in plaintext, but such a weak algorithm may not present much of a challenge to criminals determined to crack them.
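To make the point about salted MD5 concrete, here is an added example (not code from Cybernews, this article, or the game's developers) of how a site could move stored salted-MD5 hashes to scrypt and measure the difference in per-guess cost. The `hex(md5(salt || password))` layout, the record fields and the scrypt parameters are assumptions; the sample record is constructed.

```python
import hashlib, hmac, os, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)   # about 16 MiB of memory per guess

def legacy_md5(password: str, salt: bytes) -> str:
    # Assumed legacy layout (the article does not give it): hex(md5(salt || password)).
    return hashlib.md5(salt + password.encode()).hexdigest()

def scrypt_hex(secret: bytes, salt: bytes) -> str:
    return hashlib.scrypt(secret, salt=salt, **SCRYPT).hex()

def wrap_legacy(rec: dict) -> dict:
    """Offline step: protect a stored MD5 hash with scrypt without knowing the password."""
    salt = os.urandom(16)
    return {"scheme": "scrypt-md5", "md5_salt": rec["salt"], "salt": salt,
            "hash": scrypt_hex(rec["hash"].encode(), salt)}

def verify_and_upgrade(rec: dict, password: str):
    """Check a login; on success return a record re-hashed with scrypt alone."""
    if rec["scheme"] == "md5":
        candidate = legacy_md5(password, rec["salt"])
    elif rec["scheme"] == "scrypt-md5":
        candidate = scrypt_hex(legacy_md5(password, rec["md5_salt"]).encode(), rec["salt"])
    else:
        candidate = scrypt_hex(password.encode(), rec["salt"])
    ok = hmac.compare_digest(candidate, rec["hash"])
    if ok and rec["scheme"] != "scrypt":
        salt = os.urandom(16)
        rec = {"scheme": "scrypt", "salt": salt, "hash": scrypt_hex(password.encode(), salt)}
    return ok, rec

def cost_ratio(md5_runs: int = 20000, scrypt_runs: int = 3) -> float:
    """Time of one scrypt evaluation divided by time of one salted-MD5 evaluation."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for _ in range(md5_runs):
        legacy_md5("guess", salt)
    md5_each = (time.perf_counter() - t0) / md5_runs
    t0 = time.perf_counter()
    for _ in range(scrypt_runs):
        scrypt_hex(b"guess", salt)
    return ((time.perf_counter() - t0) / scrypt_runs) / md5_each

if __name__ == "__main__":
    # Constructed sample record, not data from the breach.
    salt = b"constructed-salt"
    old = {"scheme": "md5", "salt": salt, "hash": legacy_md5("correct horse", salt)}
    ok, new = verify_and_upgrade(wrap_legacy(old), "correct horse")
    print(ok, new["scheme"], f"scrypt costs ~{cost_ratio():.0f}x one MD5 per guess")
```

Wrapping protects every stored record immediately, including accounts that never log in again, while the login path retires the MD5 layer for active users.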

Cybernews says that it contacted the ecommerce platform that was hosting the hacker’s online store, and the store has now been taken offline. However, that’s no guarantee that the database will not be offered for sale elsewhere, or that nobody else has already purchased it.

So, players of the free-to-play MMORPG, set in a post-apocalyptic world, should really consider their details to be compromised. Hackers may not only have your username, email address, and phone number. They may also have cracked your password.

And if you made the mistake of reusing that password anywhere else on the internet, then there is a chance they could use that information to compromise your other online accounts.

Furthermore, you should obviously be aware that you might be targeted with phishing attacks, exploiting the information contained inside the database.

According to Cybernews, the makers of Stalker Online have not responded to messages related to the security breach.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
