Are you at risk? Private details of 2.5 MILLION PlayStation and Xbox users are leaked in major hack
- Two popular gaming forums ‘XBOX360 ISO’ and ‘PSP ISO’ were hacked
- Account passwords, email addresses and IP addresses were all exposed
- Forum users are advised to change all of their accounts’ passwords
- It remains unclear who was behind the original attacks
The hack breached forums ‘XBOX360 ISO’ and ‘PSP ISO’ in 2015 but details of the leak are only just coming to light.
Gamers who have used the forum are being advised to change the password for all of their accounts.
Email addresses, account passwords and IP addresses were all exposed by the hack.
It is unclear who is behind the attacks but both forums were breached around the same time in September 2015.
Attackers in data hacks such as these make money by selling on the leaked information.
‘Data breaches are often sold via darkweb sites or within closed trading circles,’ security expert Troy Hunt told MailOnline.
‘The prevalence of password reuse means that a relatively benign site can hold credentials that unlock far more valuable resources, for example email or social media accounts.
Gaming ISO files are files copied from a video game’s disk.
The ISO forums provided gamers with links to free downloads of games for each console.
Downloading games through these links often involves an illegal breach of copyright.
Hack attacks frequently come to light years after the original attack occurred.
Hackers dump the data once they have made enough money selling the leaked information.
‘Often data is exploited quietly; once a site or impacted members knows there’s been a breach, the data becomes less valuable as people change passwords and do other things to protect their identities,’ Mr Hunt told MailOnline.
‘It can take quite some time before attackers decide the usefulness of the data has been exhausted and they then offer it for sale publicly or dump it.’
And Mr Hunt has some advice for those wanting to avoid hacks like this in the future.
‘The fundamental security advice for all of us is to create strong, unique passwords and ideally use a password manager to protect them,’ he told MailOnline.
‘Also enable multi step verification on every service possible to ensure a password alone is not sufficient to login to a service.’