Cybercriminals once again had gamers in their crosshairs this week - with one self-proclaimed hacking group dumping what appeared to be the first installment of logins purloined from gaming networks online, and Steam gamers falling victim to scams when trading in-game goods.
There was good news, though, in the form of upgraded security for WhatsApp, and a new awareness among the public that privacy is important.
Login Leaks
Hacking group DerpTrolling has leaked 5,604 logins for three gaming networks to Pastebin, and claims that this is a “very small portion” of the credentials they have stolen, LifeHacker reports.
Derptrolling posted PSN, 2K Gaming and WIndows Live credentials with the words:”We will just leave this here.” A Pastebin link with over 5,500 login credentials followed. Not all of these appear to work - but the group promises it has more.
ESET security researcher Raphael Labaca Castro said, ‘“Even though there is not a large number of logins leaked, we encourage users to change their passwords for the Playstation Network, 2K Gaming Studio and Windows Live services.”
Steam gamers were also targeted by a variation on a classic scam - where images of items supposedly for sale via the service’s Marketplace were shown off in a screensaver format. Victims who did not realise that a .scr file is effectively an executable PC file found that precious in-game items had vanished...
Unicorn bug spotted in the wild?
Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability, known as Unicorn bug CVE-2014-6332, and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. This means that most, if not all, Internet Explorer users are vulnerable unless they are using patched systems.
This week, ESET researchers spotted disturbing hints that the vulnerability may be used on a large scale by cybercriminals - after a compromised page on a news site exploited the bug.
ESET Research says, "As you might have guessed, the compromised website was using CVE-2014-6332 to install malware on the computers of its unsuspecting visitors..."
Privacy - is America waking up?
Two surveys, one conducted by Pew Internet, and one by Harris on behalf of ESET found that Americans were changing their habits online, in the wake of revelations about government groups and surveilllance online.
ESET’s Stephen Cobb writes, "While it’s not yet clear what changes, if any, politicians and government agencies will make in response to this very high level of concern about government surveillance, you can bet that some citizens are making changes."
"Consider social media. Pew found that '70% of social networking site users say that they are at least somewhat concerned about the government accessing some of the information they share on social networking sites without their knowledge.'"
ESET found that 47% of adult Americans who were aware of the Snowden/NSA revelations agreed with the following statement: "Given the news about the NSA, I have changed my approach to online activity in that I think more carefully about where I go, what I say, and what I do online."