13,000 login details including payment card numbers an expiry dates have leaked from online services including Amazon, Xbox Live, Playstation Network and more, according to Tech Crunch.
The hackers posted a document with details of username and passwords, along with some credit card numbers and expiry dates to Ghostbin – a text storage website.
Websites affected included not only gaming related organisations such as Xbox, Playstation, Twitch, EA Games and Ubisoft, but also shopping chains such as Amazon and Walmart and TV streaming website Hulu Plus. Pornography websites were also included in the breach. Amazon, Sony and Microsoft have “yet to confirm whether the leak is legitimate”, according to Metro.
The wide-ranging mix of websites attacked has led the Daily Dot to suggest that not all of the websites have necessarily been breached, and that login information may have been acquired – at least in some of the cases – by “malware installed onto users’ personal devices or other nefarious methods.”
It has been a bad Christmas for gaming services, with this following swiftly on from the extended outages for the Xbox Live and Playstation Network online gaming services from DDoS attacks, as reported by We Live Security here. At the time of writing, Microsoft has reported that the Xbox Live service is back up and running, though Sony’s Playstation Network is still experiencing outages.
The news got worse for Sony, as the hackers leaking the log-in information – the Anonymous collective have taken credit, according to the Daily Mail – also claimed to have uploaded a pirate copy of ‘The Interview’, which has been in the news as the possible cause of the hacking of Sony Pictures, as discussed by We Live Security here.
by Alan Martin, ESET