Industry News
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.
The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.
Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.
The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.
Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.
What is SQL Injection?
First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.
Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.
The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
How we found this vulnerability
Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.
What’s the impact of the vulnerability?
The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:
By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.
What to do if you’ve been affected?
If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.
However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.
Disclosure and lack of communication from BigMage Studios
Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.
We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.
Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.
Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.
Powered by WPeMatico
Gambling in the USA
Gaming Americas Weekly Roundup – September 8-15

Welcome to our weekly roundup of American gambling news again! Here, we are going through the weekly highlights of the American gambling industry which include the latest news and new partnerships. Read on and get updated.
Latest News
IGT announced that its much-anticipated Wheel of Fortune Big Money Spin electronic table game (ETG) recently made its world debut at Downtown Grand Casino in Las Vegas, Nev. The vibrant standalone ETG game includes many of the attributes that have propelled the success of the Wheel of Fortune slots franchise for nearly three decades including word puzzles, wheel spins and exciting jackpot rewards. The game is accompanied by an attention-grabbing, 9-plus-feet upright video wheel that stands independent of the ETG terminals and entertains casino guests with the famous “WHEEL-OF-FORTUNE!” chant.
MGM Resorts International has announced that Corey Sanders, Chief Operating Officer, will retire from the company after more than 30 years of dedicated service and leadership. Sanders has agreed to remain COO through Dec. 31, 2025, and to serve as an advisor to the President and CEO through Dec. 31, 2026. The Company intends to name a new COO to serve as Sanders’ successor later this month. Sanders is currently MGM Resorts’ Chief Operating Officer, overseeing the company’s Las Vegas and regional properties as well as multiple corporate departments, including Hospitality, Gaming, Human Resources and Strategic Initiatives. Prior to that, he served as the company’s Chief Financial Officer and Treasurer.
Members of Kletsel Dehe Wintun Nation, the Sherwood Valley Rancheria of Pomo Indians, the Mechoopda Indian Tribe of Chico Rancheria and Big Lagoon Rancheria gathered outside the State Capitol in Sacramento to protest Assembly Bill 831 (AB 831). If passed, the bill would limit economic opportunities available to less wealthy tribes in the state by banning legitimate online social games using sweepstakes promotions. It would also eliminate more than $1 billion of existing economic activity generated by the industry in California, and close off a potential new revenue source for the state via sensible, modern regulation and taxation.
Partnerships
Genius Sports Limited has expanded its long-term partnership with Hard Rock Bet Sportsbook (Hard Rock Bet) to power the top-rated platform with its market-leading official data, trading and marketing solutions, as well as its ground-breaking BetVision product. Genius Sports has worked in partnership with the leading operator since 2021, providing the highest quality official data and pinpoint trading solutions across top tier leagues globally, including the Premier League, Serie A, European Leagues, Liga MX, NFL and more. Hard Rock Bet will be able to provide its customers with Genius Sports’ first-of-its-kind BetVision low latency streaming solution.
Quick Custom Intelligence (QCI), a leading provider of data-driven casino intelligence and player engagement platforms, has announced that Dania Beach Casino is continuing to benefit from its deployment of the QCI Nimble platform. While the property currently focuses on the QCI Host and QCI Marketing modules, it has expressed enthusiasm about the capabilities of the new AGI56 release and its impact on future customer engagement strategies. AGI56 represents the most ambitious release in QCI’s history, with the platform undergoing a full refresh of its technology stack, improved integration of advanced analytics, and the introduction of generative AI-driven tooling through Chatalytics.com. QCI’s platform is currently deployed in more than 350 casinos worldwide.
The post Gaming Americas Weekly Roundup – September 8-15 appeared first on European Gaming Industry News.
Industry News
MediaX Agency Officially Launches Linkible

MediaX Agency, a globally recognised leader in digital PR and growth marketing, has officially launched Linkible, an AI-powered link building agency engineered to help businesses in highly competitive and regulated industries achieve stronger online authority, higher search engine rankings and sustainable organic growth.
With AI-driven outreach and industry-specific link strategies, Linkible is redefining how brands secure high-quality backlinks, increase domain authority and dominate their niches in Google search.
Linkible is purpose-built for industries where credibility and compliance are critical:
• Law Firms & Legal Marketing – Earn authoritative legal backlinks to attract clients and improve local SEO.
• SaaS Companies – Accelerate organic growth with niche placements and product-led content strategies.
• Cannabis & CBD Brands – Gain SEO visibility while staying compliant in a restricted advertising environment.
• iGaming, Casino & Gambling – Drive traffic with white-hat link strategies tailored for high-competition keywords.
• E-commerce Businesses – Build scalable backlinks to boost product visibility and drive online sales.
Key Features of Linkible
• AI-Powered Prospecting & Outreach – Identify and connect with the right publishers at scale.
• Niche-Relevant Authority Backlinks – Secure placements on trusted websites that move rankings.
• Compliance-First Approach – Tailored strategies for industries facing strict regulations.
• Transparent SEO Reporting – Real-time dashboards to track backlinks, traffic and keyword improvements.
• Scalable Growth Solutions – Flexible link building packages for startups, enterprises and agencies.
“Traditional link building is outdated and ineffective in competitive industries. With Linkible, we’re combining the power of AI with our proven PR and SEO expertise to deliver smarter, faster, and compliance-friendly link building strategies that help businesses rank higher and grow sustainably,” said Rachita Chettri, Co-Founder of MediaX Agency.
The post MediaX Agency Officially Launches Linkible appeared first on European Gaming Industry News.
Industry News
Allwyn Launches Player Protection Lab

Allwyn, the lottery-led gaming entertainment company, has announced the launch of Allwyn Player Protection Lab, a global responsible gaming initiative aimed at supporting novel research and innovation to advance player safety.
Opening immediately for applications, the programme will support academics and experts working in the field of responsible gaming to explore new ideas, concepts and perspectives. Applicants are encouraged to submit proposals focusing on one of three key areas: digital innovation; using messaging to drive positive play; and developing effective safety tools.
Following the open call for applications, awards will be made for successful projects of up to €100,000, dependent on the scope of the prospective proposal.
The project demonstrates Allwyn’s commitment to developing global leading practice in responsible gaming. The call for applications will ensure Allwyn is casting the widest net and has the best chance to uncover new and interesting approaches to protecting players.
Nicole Garrett, Head of Responsible Gaming at Allwyn, said: “The Player Protection Lab is an exciting new avenue for Allwyn. Our responsible gaming team is seeking proposals that will encourage progress in player safety and break new ground in our industry. We hope that by opening the application process, we will have the opportunity to explore genuinely new ideas and draw lessons from other sectors.”
The call for proposals will run until 14 November.
The post Allwyn Launches Player Protection Lab appeared first on European Gaming Industry News.
-
eSports7 days ago
Esports Charts to deliver comprehensive viewership data to GeoGuessr
-
Africa6 days ago
Racing1 is exhibiting for the first time at the Grand Prix D’Afrique
-
Latest News6 days ago
Åland-Based Gaming Company Paf Becomes Main Partner of the Finnish Ski Association – One of the Most Significant Sponsorship Agreements in the Association’s History
-
FBM6 days ago
FBM® adds a new hero to its slots collection with Hippo’s Lock™ launch in Mexico
-
influencer Waltinho6 days ago
Influencer Rafa Campelo Becomes the New Face of MC Games’ Social Media Presence
-
AGA7 days ago
Four in Five U.S. Voters Say Sports Events Contracts Should Be Regulated Like Other Online Sportsbooks
-
Compliance Updates6 days ago
SOFTSWISS Compliance Expert Shares Knowledge on AML in iGaming for Sumsub Academy
-
Compliance Updates6 days ago
California Gambling Control Commission Reviews Licensing and Ownership Transfers at September 18 Meeting