In Three Years, Millions of AI & Gaming Credentials Leaked on Dark Web

Over the years, billions of login credentials have been circulating on the dark web; occupying a significant portion of the buyer and seller market.

Among these, most notable have been login credentials of gaming platforms. According to the data from the latest report of Kaspersky Digital Footprint Intelligence, a popular children’s gaming platform, Roblox, has witnessed a marked increase in compromise of user accounts.

Between 2021 and 2023, nearly 34 million Roblox credentials were found circulating on the dark web. The number of accounts compromised increased by 231%, from nearly 4.7 million in 2021 to 15.5 million in 2023.

Additionally, the average number of compromised accounts across 11 popular games or gaming platforms including Twitch, Steam, Sony PlayStation, and Electronic Arts, among others, witnessed a rise by 112% since 2021.

According to Kaspersky’s cybersecurity expert, the trusting nature of young gamers makes them easy targets for various social engineering attacks. Often cybercriminals employ deceptive tactics, like hiding infostealers in cheat code files, or posting malicious download links on popular social media sites like YouTube.

While Roblox accounts continue to be exploited for in-game currency and other valuable items, platforms like Steam are more appealing to the criminals, as they offer an opportunity for real-money theft.

The study also disclosed the rising trend witnessed in theft of AI-services credentials. In the last three years, nearly 2.6 million AI- services (Grammarly, Canva, OpenAI) credentials were compromised. OpenAI services, including ChatGPT’s users’ credentials leak increased nearly 33 times year-on-year, reaching approximately 664,000.

The steady increase in account compromise of AI and gaming platforms make it imperative that organizations deploy robust solutions to safeguard against infostealers and other social engineering attacks, said Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence.

‘’While users must exercise caution, platform owners can bolster protection by tracking and promptly blocking compromised accounts through specialized services”, Novikova said in conclusion.