
Cyber Incident Victim: Stalker Online

Date:

May 2020

Location:

Russia

Summary

A cybersecurity breach exposed over 1.2 million user records from an online game, with an additional 136,000 forum records also compromised and offered for sale on darknet forums. The stolen data included usernames, salted MD5-hashed passwords, email addresses, phone numbers, and IP addresses, which hackers marketed for Bitcoin payments while providing a defaced website page as evidence of the intrusion. The game's developers did not publicly address the security incident, leaving affected players at risk of credential cracking and phishing attacks due to the exposure of their personal information.

Description

On May 5, 2020, a database containing records of over 1.2 million Stalker Online players was advertised for sale on a popular hacking forum. Attackers provided a link to a defaced page on the Stalker Online website as evidence of the breach. The compromised data included usernames, salted MD5-hashed passwords, email addresses, phone numbers, and IP addresses. A separate database containing more than 136,000 records from the game's forums was offered for sale at the same time. The threat actor priced the main database at "several hundred Euros worth of Bitcoins" and made it available for download on the darknet. Cybernews researchers discovered and reported the listings, noting the inclusion of authentication credentials and personal identifiers. No evidence suggested the game's developers detected the intrusion prior to its public disclosure on hacking forums.

The exposure placed affected users at risk of password cracking attempts due to the use of MD5 hashing, despite salting, and potential phishing campaigns leveraging stolen email addresses and phone numbers. The breached forum records created additional attack vectors through associated account details. Game developers did not issue public statements acknowledging the breach or detailing remediation efforts following the May 5 disclosure. Cybersecurity analysts warned that purchasing the stolen data could incentivize future attacks against the gaming platform. The incident impacted players globally through the compromise of authentication credentials and personally identifiable information stored in the game's systems, with no confirmed containment measures or victim notifications documented in available reports.
