MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Street Mobster MMO SQLi vulnerability
Cybernews Team
Oct 20, 2020 Updated: 6 December 2023
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

What is SQL Injection?

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

How we found this vulnerability

What’s the impact of the vulnerability?

  • By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors - from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
  • The 1.9 million user credentials stored in the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
  • Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

Disclosure and lack of communication from BigMage Studios
