Cyber Incident Victim: Game24h.vn

On October 28, 2020, a threat actor advertised the sale of stolen user databases from seventeen companies on a hacker forum, including Game24h.vn. The seller, operating as a data breach broker rather than the original attacker, claimed no direct involvement in compromising the companies but facilitated the sale of aggregated records totaling approximately 34 million users across all affected organizations. The Game24h.vn breach exposed user email addresses paired with passwords hashed using the MD5 algorithm, though the exact number of compromised accounts from this specific platform was not disclosed in the broker's listing. Other prominent victims included Geekie.com.br (8.1 million records), Clip.mx (4.7 million), and Wongnai.com (4.3 million). The broker indicated that stolen databases typically undergo private sales with prices ranging from $500 to $100,000 before eventual public release on forums.

The incident exposed significant quantities of sensitive information across multiple platforms, with Game24h.vn users facing credential compromise risks due to the weak MD5 hashing method protecting passwords. While Singaporean grocery service RedMart confirmed its breach, most affected companies—including Game24h.vn—had not publicly acknowledged compromises as of the article's October 31, 2020 publication date. Exposed data types varied by organization, with some breaches including financial details, government identifiers like CPF numbers, and social media tokens. Security analysts emphasized the heightened risk of credential stuffing attacks due to password reuse across services. No containment measures or victim notifications specific to Game24h.vn were documented in the source material, though broader security recommendations centered on credential management practices for impacted user populations.