Symantec, the largest maker of PC security software, have uncovered a server hosting 44 million stolen gamer credentials, according to the official Symantec blog.
From the Symantec blog:
In previous blogs, Symantec has highlighted threats that steal user data. We recently analyzed a new sample submitted to Symantec and came across a server hosting the credentials of 44 million stolen gaming accounts. What was interesting about this threat wasn’t just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers. Symantec detects this threat as Trojan.Loginck.
This particular database server we uncovered seems very much to be the heart of the operation—part of a distributed password checker aimed at Chinese gaming websites. The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games. In both cases the accounts contained in the database have been obtained from other sources, most likely using malware with information-stealing capabilities, such as Infostealer.Gampass.
So how many accounts of popular MMOs are in the database? Symantec estimates roughly 210,000 World of Warcraft accounts, 60,000 Aion accounts, 2 million PlayNC master accounts, and 16 million Wayi Entertainment accounts. Wow!
Check out the full blog entry here for additional details.
[Thanks Christopher8 for the tip!]