Industry News
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability
Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.
The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.
Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.
The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.
Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.
What is SQL Injection?
First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.
Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.
The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
How we found this vulnerability
Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.
What’s the impact of the vulnerability?
The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:
By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.
What to do if you’ve been affected?
If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.
However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.
Disclosure and lack of communication from BigMage Studios
Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.
We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.
Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.
Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.
Industry News
New KSA Campaign: Get Your Life Back on Track, Take a Gambling Break
The Dutch Gaming Authority (KSA) launched a new awareness campaign to draw attention to the gambling stop. With the campaign “Pick up your life again, take a gambling stop,” KSA is aiming to increase attention to the risks of gambling and make the Cruks register more well-known.
Insights
The campaign is a follow-up to the pilot campaign from 2023. This pilot yielded many valuable insights, for example that more people are attracted to the word gambling stop. This name is therefore used in the new campaign.
Positive effect
The campaign focuses primarily on young adults who (possibly) no longer have their gambling under control. That is one of the reasons why the campaign is largely running via social media instead of traditional (mass) media. The focus is on the positive effect that a gambling stop has on the life of a person with gambling problems. The powerful moments of young people who pick up their lives again can be seen in online videos, social ads and social posts (Google, YouTube, Meta and Snapchat).
The post New KSA Campaign: Get Your Life Back on Track, Take a Gambling Break appeared first on European Gaming Industry News.
Industry News
EGBA: Record Participation As European Safer Gambling Week Expands to 26 Countries
The European Gaming and Betting Association (EGBA) announced record-breaking results from its fourth annual European Safer Gambling Week, held 18-24 November. The initiative – which included a social media campaign and events programme – demonstrated the broader European sector’s strengthening commitment to safer gambling through new levels of participation and expanded geographic reach.
The campaign saw record engagement with 195 partners actively participating – a 20% increase from 2023. Eight national gambling authorities participated, more than double the previous year, by either joining the social media campaign or speaking at the various events.
The campaign’s reach also expanded significantly to 26 countries – a 30% increase from 2023 – with partners in Croatia, Serbia, Slovakia and Ukraine joining for the first time, reflecting the growing pan-European dimension of the campaign. This was helped by social media graphics being made available in the local languages of 27 countries.
The social media campaign reached 3.1 million users across Facebook, Instagram, LinkedIn and X platforms, generating 1169 social media posts – a 67% increase from the previous year.
A cornerstone of this year’s campaign was its comprehensive events programme, featuring 20 specialised events – an 11% increase from 2023. The events attracted record participation with 4500 registrations and 3000 attendees. Key discussions explored trends in AI, problem gambling prevalence reporting and innovations in safer gambling tools and messaging. The events featured 105 speakers, including senior representatives from gambling authorities in Belgium, Denmark, France and the UK.
The initiative builds on EGBA members’ year-round commitment to safer gambling, which in 2023 resulted in 67 million safety messages sent to their European customers. This dedicated week amplifies these ongoing efforts while encouraging greater collaboration between operators, regulators and harm prevention organisations.
“The success of this year’s edition reflects the sector’s deepening commitment to player protection. The significant increase in participation, especially from health organisations and regulatory authorities, demonstrates the common purpose and growing unity in our approach to safer gambling. Through this collaboration, we’ve reached a record number of Europeans with crucial safety messages during the campaign. Together, we’re making gambling safer and we already look forward to building on this success in next year’s edition,” said Maarten Haijer, Secretary General of EGBA.
The post EGBA: Record Participation As European Safer Gambling Week Expands to 26 Countries appeared first on European Gaming Industry News.
Industry News
CT Gaming to Participate in ICE Barcelona 2025
CT Gaming is going to participate in ICE Barcelona 2025, which will take place from 20 to 22 Jan 2025.
“It is always a pleasure to kick off the year at ICE. This year is particularly special as we explore a new location, which we anticipate will bring fresh connections and exciting opportunities,” said Biser Bozhanov, Director of Business Development and Strategies at CT Gaming.
Positioned at stand #3C56, CT Gaming will present an impressive lineup of its signature products alongside exciting new additions, including the multigame Diamond King 4.
“We are eager to showcase our latest offerings and engage with clients, colleagues, and industry professionals to gather their valuable feedback. This year’s selection is a strong testament to CT Gaming’s enduring legacy and commitment to excellence,” added Bozhanov.
Among the products displayed at stand #3C56 will be the slot cabinet NEXT, known for its ultimate comfort and functionality. This cabinet comes with 27″ or 32″ high-definition screens, an optional premium stand, a USB phone charger, a bill validator with a stacker and an enlarged CMS panel for seamless operation. Other representatives from the slot cabinet family are EZ Modulo 32/32/32 and EZ Tower. Both of these cabinets combine sleek designs with advanced technology set to deliver an unparalleled gaming experience.
Alongside the slot cabinets, the company will showcase its staple multigame titles, such as Diamond King 3, Mermaid’s Quest, Tower Link and the newest addition to the multigame portfolio – Diamond King 4. With 40 exciting games, 20 of which are linked to a progressive jackpot, the multigame takes player engagement to new heights. Unlike previous versions, players can now win any of the three jackpot levels directly from the base game, while the cascading white and pink diamonds promise thrilling rewards at every turn. Designed with the next generation of players in mind, Diamond King 4 features enhanced graphics, modern themes and an immersive experience that’s perfectly in sync with today’s gaming landscape. The newly conceptualized linked progressive jackpot, Diamond Tree Deluxe, presents an elevated reward experience with its upgraded features.
Last but not least, CT Gaming will unveil the latest updates to its Casino Management System – Rhino, designed to enhance operator functionality and player engagement.
The post CT Gaming to Participate in ICE Barcelona 2025 appeared first on European Gaming Industry News.
-
gaming2 years ago
ODIN by 4Players: Immersive, state-of-the-art in-game audio launches into the next generation of gaming
-
EEG iGaming Directory8 years ago
iSoftBet continues to grow with new release Forest Mania
-
News7 years ago
Softbroke collaborates with Asia Live Tech for the expansion of the service line in the igaming market
-
News6 years ago
Super Bowl LIII: NFL Fans Can Bet on the #1 Sportsbook Review Site Betting-Super-Bowl.com, Providing Free Unbiased and Trusted News, Picks and Predictions
-
iGaming Industry7 years ago
Rick Meitzler appointed to the Indian Gaming Magazine Advisory Board for 2018
-
News6 years ago
REVEALED: Top eSports players set to earn $3.2 million in 2019
-
iGaming Industry7 years ago
French Senator raises Loot Boxes to France’s Gambling Regulator
-
News7 years ago
Exclusive Interview with Miklos Handa (Founder of the email marketing solutions, “MailMike.net”), speaker at Vienna International Gaming Expo 2018