Industry News
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.
The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.
Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.
The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.
Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.
What is SQL Injection?
First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.
Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.
The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
How we found this vulnerability
Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.
What’s the impact of the vulnerability?
The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:
By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.
What to do if you’ve been affected?
If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.
However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.
Disclosure and lack of communication from BigMage Studios
Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.
We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.
Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.
Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.
Powered by WPeMatico
Industry News
MediaX Agency Officially Launches Linkible

MediaX Agency, a globally recognised leader in digital PR and growth marketing, has officially launched Linkible, an AI-powered link building agency engineered to help businesses in highly competitive and regulated industries achieve stronger online authority, higher search engine rankings and sustainable organic growth.
With AI-driven outreach and industry-specific link strategies, Linkible is redefining how brands secure high-quality backlinks, increase domain authority and dominate their niches in Google search.
Linkible is purpose-built for industries where credibility and compliance are critical:
• Law Firms & Legal Marketing – Earn authoritative legal backlinks to attract clients and improve local SEO.
• SaaS Companies – Accelerate organic growth with niche placements and product-led content strategies.
• Cannabis & CBD Brands – Gain SEO visibility while staying compliant in a restricted advertising environment.
• iGaming, Casino & Gambling – Drive traffic with white-hat link strategies tailored for high-competition keywords.
• E-commerce Businesses – Build scalable backlinks to boost product visibility and drive online sales.
Key Features of Linkible
• AI-Powered Prospecting & Outreach – Identify and connect with the right publishers at scale.
• Niche-Relevant Authority Backlinks – Secure placements on trusted websites that move rankings.
• Compliance-First Approach – Tailored strategies for industries facing strict regulations.
• Transparent SEO Reporting – Real-time dashboards to track backlinks, traffic and keyword improvements.
• Scalable Growth Solutions – Flexible link building packages for startups, enterprises and agencies.
“Traditional link building is outdated and ineffective in competitive industries. With Linkible, we’re combining the power of AI with our proven PR and SEO expertise to deliver smarter, faster, and compliance-friendly link building strategies that help businesses rank higher and grow sustainably,” said Rachita Chettri, Co-Founder of MediaX Agency.
The post MediaX Agency Officially Launches Linkible appeared first on European Gaming Industry News.
Industry News
Allwyn Launches Player Protection Lab

Allwyn, the lottery-led gaming entertainment company, has announced the launch of Allwyn Player Protection Lab, a global responsible gaming initiative aimed at supporting novel research and innovation to advance player safety.
Opening immediately for applications, the programme will support academics and experts working in the field of responsible gaming to explore new ideas, concepts and perspectives. Applicants are encouraged to submit proposals focusing on one of three key areas: digital innovation; using messaging to drive positive play; and developing effective safety tools.
Following the open call for applications, awards will be made for successful projects of up to €100,000, dependent on the scope of the prospective proposal.
The project demonstrates Allwyn’s commitment to developing global leading practice in responsible gaming. The call for applications will ensure Allwyn is casting the widest net and has the best chance to uncover new and interesting approaches to protecting players.
Nicole Garrett, Head of Responsible Gaming at Allwyn, said: “The Player Protection Lab is an exciting new avenue for Allwyn. Our responsible gaming team is seeking proposals that will encourage progress in player safety and break new ground in our industry. We hope that by opening the application process, we will have the opportunity to explore genuinely new ideas and draw lessons from other sectors.”
The call for proposals will run until 14 November.
The post Allwyn Launches Player Protection Lab appeared first on European Gaming Industry News.
Industry News
Creedroomz Introduces Cashout Blackjack

Creedroomz has launched Cashout Blackjack, a new version of its popular Live Blackjack game designed to redefine player engagement. This major update features a groundbreaking Side Bet Gamble mechanic, a completely redesigned UI and other key enhancements that deliver a new standard of excitement.
The Side Bet Gamble is an industry-first feature that gives players total control over their side bet winnings. Unlike traditional bonus rounds that are passive or tied to specific game events, this optional decision occurs only for players who have won a side bet, right at the end of the round after the last dealer card has been dealt. Players are given a choice: Gamble their winnings for a chance to double their payout, or Skip and keep their original amount. This high-stakes, real-time decision point transforms every win into an exhilarating risk-reward moment.
Cashout Blackjack also includes a suite of powerful updates:
Sleek New UI: A fully redesigned interface built for seamless usability on all devices.
Rebalanced Side Bets: Payouts have been rebalanced to make side bets more compelling and rewarding.
Auto-stand applied on hard / non-splitable scores of 17, 18, 19 and 20.
The new Cashout Blackjack, complete with the Side Bet Gamble feature, is now available to all Creedroomz partners. This launch underscores Creedroomz’s strategic vision to provide partners with groundbreaking tools that ensure they remain at the forefront of the competitive iGaming market.
The post Creedroomz Introduces Cashout Blackjack appeared first on European Gaming Industry News.
-
eSports6 days ago
Global Esports Federation confirms program for Los Angeles 2026 Global Esports Games
-
eSports3 days ago
Esports Charts to deliver comprehensive viewership data to GeoGuessr
-
Latest News6 days ago
High Roller Technologies and Flows partner to launch player engagement experiences, with technical integration complete in record time
-
Brazil6 days ago
EstrelaBet to offer Opta-powered stats markets and premium live football streaming in extensive partnership with Stats Perform
-
Eastern Europe6 days ago
SYNOT Games Partners with WIN2
-
Central Europe5 days ago
SYNOT Games Delivers Bespoke Games Exclusively for SazkaHry.sk in the Slovak Market
-
Aquisitions/Mergers5 days ago
NOVOMATIC successfully completes sale of ADMIRAL Austria to Tipico and focuses on international growth markets
-
BCLC5 days ago
Save the Date: BCLC’s New Horizons in Safer Gambling Conference Returns November 2026