Connect with us

Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Published

on

Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

 

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 

Source

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Powered by WPeMatico

Continue Reading
Advertisement

Gambling in the USA

Gaming Americas Weekly Roundup – September 8-15

Published

on

gaming-americas-weekly-roundup-–-september-8-15
Reading Time: 2 minutes

Welcome to our weekly roundup of American gambling news again! Here, we are going through the weekly highlights of the American gambling industry which include the latest news and new partnerships. Read on and get updated.

Latest News

IGT announced that its much-anticipated Wheel of Fortune Big Money Spin electronic table game (ETG) recently made its world debut at Downtown Grand Casino in Las Vegas, Nev. The vibrant standalone ETG game includes many of the attributes that have propelled the success of the Wheel of Fortune slots franchise for nearly three decades including word puzzles, wheel spins and exciting jackpot rewards. The game is accompanied by an attention-grabbing, 9-plus-feet upright video wheel that stands independent of the ETG terminals and entertains casino guests with the famous “WHEEL-OF-FORTUNE!” chant.

MGM Resorts International has announced that Corey Sanders, Chief Operating Officer, will retire from the company after more than 30 years of dedicated service and leadership. Sanders has agreed to remain COO through Dec. 31, 2025, and to serve as an advisor to the President and CEO through Dec. 31, 2026. The Company intends to name a new COO to serve as Sanders’ successor later this month. Sanders is currently MGM Resorts’ Chief Operating Officer, overseeing the company’s Las Vegas and regional properties as well as multiple corporate departments, including Hospitality, Gaming, Human Resources and Strategic Initiatives. Prior to that, he served as the company’s Chief Financial Officer and Treasurer.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Members of Kletsel Dehe Wintun Nation, the Sherwood Valley Rancheria of Pomo Indians, the Mechoopda Indian Tribe of Chico Rancheria and Big Lagoon Rancheria gathered outside the State Capitol in Sacramento to protest Assembly Bill 831 (AB 831). If passed, the bill would limit economic opportunities available to less wealthy tribes in the state by banning legitimate online social games using sweepstakes promotions. It would also eliminate more than $1 billion of existing economic activity generated by the industry in California, and close off a potential new revenue source for the state via sensible, modern regulation and taxation.

Partnerships

Genius Sports Limited has expanded its long-term partnership with Hard Rock Bet Sportsbook (Hard Rock Bet) to power the top-rated platform with its market-leading official data, trading and marketing solutions, as well as its ground-breaking BetVision product. Genius Sports has worked in partnership with the leading operator since 2021, providing the highest quality official data and pinpoint trading solutions across top tier leagues globally, including the Premier League, Serie A, European Leagues, Liga MX, NFL and more. Hard Rock Bet will be able to provide its customers with Genius Sports’ first-of-its-kind BetVision low latency streaming solution.

Quick Custom Intelligence (QCI), a leading provider of data-driven casino intelligence and player engagement platforms, has announced that Dania Beach Casino is continuing to benefit from its deployment of the QCI Nimble platform. While the property currently focuses on the QCI Host and QCI Marketing modules, it has expressed enthusiasm about the capabilities of the new AGI56 release and its impact on future customer engagement strategies. AGI56 represents the most ambitious release in QCI’s history, with the platform undergoing a full refresh of its technology stack, improved integration of advanced analytics, and the introduction of generative AI-driven tooling through Chatalytics.com. QCI’s platform is currently deployed in more than 350 casinos worldwide.

The post Gaming Americas Weekly Roundup – September 8-15 appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Industry News

MediaX Agency Officially Launches Linkible

Published

on

mediax-agency-officially-launches-linkible
Reading Time: < 1 minute

 

MediaX Agency, a globally recognised leader in digital PR and growth marketing, has officially launched Linkible, an AI-powered link building agency engineered to help businesses in highly competitive and regulated industries achieve stronger online authority, higher search engine rankings and sustainable organic growth.

With AI-driven outreach and industry-specific link strategies, Linkible is redefining how brands secure high-quality backlinks, increase domain authority and dominate their niches in Google search.

Linkible is purpose-built for industries where credibility and compliance are critical:

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

• Law Firms & Legal Marketing – Earn authoritative legal backlinks to attract clients and improve local SEO.

• SaaS Companies – Accelerate organic growth with niche placements and product-led content strategies.

• Cannabis & CBD Brands – Gain SEO visibility while staying compliant in a restricted advertising environment.

• iGaming, Casino & Gambling – Drive traffic with white-hat link strategies tailored for high-competition keywords.

• E-commerce Businesses – Build scalable backlinks to boost product visibility and drive online sales.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Key Features of Linkible

• AI-Powered Prospecting & Outreach – Identify and connect with the right publishers at scale.

• Niche-Relevant Authority Backlinks – Secure placements on trusted websites that move rankings.

• Compliance-First Approach – Tailored strategies for industries facing strict regulations.

• Transparent SEO Reporting – Real-time dashboards to track backlinks, traffic and keyword improvements.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

• Scalable Growth Solutions – Flexible link building packages for startups, enterprises and agencies.

“Traditional link building is outdated and ineffective in competitive industries. With Linkible, we’re combining the power of AI with our proven PR and SEO expertise to deliver smarter, faster, and compliance-friendly link building strategies that help businesses rank higher and grow sustainably,” said Rachita Chettri, Co-Founder of MediaX Agency.

The post MediaX Agency Officially Launches Linkible appeared first on European Gaming Industry News.

Continue Reading

Industry News

Allwyn Launches Player Protection Lab

Published

on

allwyn-launches-player-protection-lab
Reading Time: < 1 minute

 

Allwyn, the lottery-led gaming entertainment company, has announced the launch of Allwyn Player Protection Lab, a global responsible gaming initiative aimed at supporting novel research and innovation to advance player safety.

Opening immediately for applications, the programme will support academics and experts working in the field of responsible gaming to explore new ideas, concepts and perspectives. Applicants are encouraged to submit proposals focusing on one of three key areas: digital innovation; using messaging to drive positive play; and developing effective safety tools.

Following the open call for applications, awards will be made for successful projects of up to €100,000, dependent on the scope of the prospective proposal.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The project demonstrates Allwyn’s commitment to developing global leading practice in responsible gaming. The call for applications will ensure Allwyn is casting the widest net and has the best chance to uncover new and interesting approaches to protecting players.

Nicole Garrett, Head of Responsible Gaming at Allwyn, said: “The Player Protection Lab is an exciting new avenue for Allwyn. Our responsible gaming team is seeking proposals that will encourage progress in player safety and break new ground in our industry. We hope that by opening the application process, we will have the opportunity to explore genuinely new ideas and draw lessons from other sectors.”

The call for proposals will run until 14 November.

The post Allwyn Launches Player Protection Lab appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Trending

Get it on Google Play

Fresh slot games releases by the top brands of the industry. We provide you with the latest news straight from the entertainment industries.

The platform also hosts industry-relevant webinars, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - Recent Slot Releases is part of HIPTHER Agency. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania