Ransomware is not the only major security threat that's plaguing cyberspace these days. It seems like there will always be that phishing scam, zero-day attack or privacy scare waiting to be the next big thing.
However, there's one cyber attack that rivals the spread of ransomware in breadth and scope. In fact, 2016 is known as the year the largest of these attacks were revealed, affecting billions of accounts across multiple services.
Well, 2017 has just started and it looks like cyber criminals have warmed up.
Today, a massive hack of two popular gaming forums has been revealed, exposing email addresses, account passwords and IP addresses of 2.5 million user accounts.
Are you affected?
The details of this massive leak are just emerging, but if you (or your kids) are a user of these two popular gaming forums, "XBOX360 ISO" and "PSP ISO," you are advised to review your account and change your password immediately.
These two sites are known for providing Xbox 360 and PlayStation Portable owners download links for gaming ISO files - digital copies of games lifted from physical game discs and distributed illegally. Members of these two gaming sites are mostly owners of said consoles looking for free versions of popular games.
The perpetrator behind these data breaches is still unknown, but it is believed that the attacks on the two gaming forums occurred in September 2015. If you're wondering why it took so long for an attack from 2015 to be discovered, that's because stolen credentials are usually sold for big money on private dark web trading sites, and the information stays valid only as long as the victims remain unaware of the theft.
As with any massive data breach, users are advised to check their other accounts too since "password reuse" attacks are inevitable. Password reuse attacks occur when hackers use the same credentials gathered from one data breach to break into other accounts since a large number of people still use the same email/password combo across multiple services.
What you need to do
- Change your password - if you use or have used the "XBOX360 ISO" and "PSP ISO" websites and forums, reset and change your password immediately.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
- Close your account - If you haven't been using these forums for quite a while, it's recommended that you close your accounts immediately.
- Check email security settings - Make sure the email account associated with the hacked site has updated security settings.
- Enable two-factor authentication - Always enable multi-step verification if a web service offers it. With this, a secondary code (for example, a code sent via text message to your phone) will be required to verify your identity.
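The advice to check your other accounts and make reused passwords unique can be carried out against a password-manager export. The script below is an added example, not part of the original article: it lists which other accounts share a password with the two breached forums, and which accounts reuse a password among themselves. The CSV column names and the sample rows are constructed assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: a password-manager CSV export (site, username, password).
SAMPLE_EXPORT = """site,username,password
XBOX360 ISO,gamer@example.com,hunter2!
PSP ISO,gamer@example.com,Tr0ub4dor
mail.example,gamer@example.com,hunter2!
shop.example,gamer@example.com,Tr0ub4dor
bank.example,gamer@example.com,x9$Lq-unique-1
video.example,gamer@example.com,s3parate-Pass
forum.example,gamer@example.com,s3parate-Pass
"""

# The two forums named in the article, lower-cased for matching.
BREACHED_SITES = {"xbox360 iso", "psp iso"}


def _key(password):
    # Group by digest so plaintext passwords never appear in the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(export_text, breached=BREACHED_SITES):
    """Return (rotate_first, other_reuse).

    rotate_first: other sites sharing a password with a breached site.
    other_reuse:  groups of sites reusing a password not known to be exposed.
    """
    by_pw = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_pw[_key(row["password"])].add(row["site"].strip())

    rotate_first, other_reuse = set(), []
    for sites in by_pw.values():
        exposed = {s for s in sites if s.lower() in breached}
        if exposed:
            rotate_first |= sites - exposed   # same password as a leaked one
        elif len(sites) > 1:
            other_reuse.append(sorted(sites))  # reuse, not yet exposed
    return sorted(rotate_first), sorted(other_reuse)


if __name__ == "__main__":
    urgent, reused = audit(SAMPLE_EXPORT)
    print("Change now (password shared with a breached forum):", urgent)
    print("Reused elsewhere (make unique):", reused)
```

Delete the export file once the audit is done, since it holds every password in plaintext.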