Industry News
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability
Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.
The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.
Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.
The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.
Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.
What is SQL Injection?
First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.
Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.
The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
How we found this vulnerability
Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.
What’s the impact of the vulnerability?
The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:
By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.
What to do if you’ve been affected?
If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.
However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.
Disclosure and lack of communication from BigMage Studios
Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.
We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.
Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.
Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.
Powered by WPeMatico
AGA
AGA Announces Gaming Hall of Fame Class of 2026
The American Gaming Association (AGA) announced the Gaming Hall of Fame Class of 2026, recognizing four individuals whose careers have profoundly shaped the legal gaming industry:
• Holly Gagnon, Board Member, Bragg Gaming Group
• Bill G. Lance, Jr., Secretary of State, Chickasaw Nation
• Scott Olive, Principal & Founder, HRG Studios
• Timothy J. “Tim” Wilmott, Retired Chief Executive Officer, PENN Entertainment
“The Gaming Hall of Fame recognizes the individuals whose vision, innovation, and dedication have helped shape today’s legal gaming industry. Holly, Bill, Scott, and Tim have each left a lasting mark through decades of service and leadership. Their contributions have set a high standard for those who follow,” said AGA President and CEO Bill Miller.
“This year’s inductees reflect the remarkable breadth of the gaming industry – from commercial and tribal gaming operators to suppliers. Each of them has helped advance gaming in significant ways, and we’re proud to welcome them to the Gaming Hall of Fame,” said AGA Chairman Lou Jacobs.
Since 1989, the Gaming Hall of Fame has celebrated the achievements of industry legends who have driven the commercial and tribal gaming industry forward. The Class of 2026 will be formally inducted at an invitation-only ceremony during the Global Gaming Expo (G2E) in Las Vegas this fall.
This year’s selection committee members include:
• Eric Schippers, SVP, Public Affairs & Government Relations, PENN Entertainment Inc.
• Mark Fulton, President, Cherokee Nation Entertainment
• Trevor Croker, CEO & Managing Director, Aristocrat Technologies
• Sherri Sosa, SVP, Human Resources, Hard Rock Las Vegas Hotel & Casino
• Mark Lipparelli, Chairman Emeritus, International Center for Responsible Gaming
• Kirsten Clark, Executive Director, IAGA
• Siobhan Lane, Executive Vice President & Chief Executive Officer, Gaming, Light & Wonder; Chair, Global Gaming Women
• Dr. Brett Abarbanel, Executive Director, UNLV International Gaming Institute
• Lou Jacobs, Co-CEO, Delaware North; Chairman, AGA
About the 2026 Inductees:
Holly Gagnon, Board Member, Bragg Gaming Group
Holly began her 34-year gaming career on the opening team of Foxwoods Resort Casino in 1992, at the birth of modern tribal gaming in America. She went on to hold senior financial and operational roles at Caesars Entertainment and MGM Resorts International before serving as President and CEO of Pearl River Resort, CEO of Chumash Enterprises for the Santa Ynez Band of Chumash Indians, and CEO of Seneca Gaming Corporation for the Seneca Nation of Indians. Named NAFOA Executive of the Year in 2016, Gagnon is a recognized champion of tribal economic development. As a founding member of Global Gaming Women and Distinguished Fellow at the UNLV International Gaming Institute, she has helped develop more than 300 gaming executives. She currently serves as a board member of Bragg Gaming Group.
Bill G. Lance, Jr., Secretary of State, Chickasaw Nation
Bill has served the Chickasaw Nation for decades in senior leadership roles spanning commerce, healthcare, and governance. As Secretary of Commerce for more than thirteen years, he oversaw more than 60 gaming, hospitality, retail, media, manufacturing, and tourism businesses employing approximately 7000 people. He also served as Administrator of the Chickasaw Nation Health System, overseeing construction of the 370,000-square-foot Chickasaw Nation Medical Center in Ada, Oklahoma. Lance currently serves as Secretary of State, representing the Chickasaw Nation in civic, business, and governance capacities.
Scott Olive, Principal & Founder, HRG Studios
Scott is one of the most influential game designers in the history of the slot machine industry. His career spans more than three decades, beginning at Aristocrat Gaming in 1997, where he helped drive the adoption of penny and Australian-style slots in U.S. gaming markets. After co-founding True Blue Gaming in 2007, Olive established HRG Studios in 2012, where he went on to create some of the most commercially successful slot titles ever produced.
Timothy J. “Tim” Wilmott, Retired Chief Executive Officer, PENN Entertainment
Tim spent more than three decades as one of the gaming industry’s most respected operational leaders. He served as Chief Executive Officer of Penn National Gaming from 2013 until his retirement in 2019, having previously served as President and Chief Operating Officer from 2008 to 2013. Before joining Penn National, Wilmott served as Chief Operating Officer of Harrah’s Entertainment and Division President of its Eastern Division, holding a series of leadership positions at Harrah’s properties dating back to 1988.
The post AGA Announces Gaming Hall of Fame Class of 2026 appeared first on Americas iGaming & Sports Betting News.
Industry News
Wazdan schedules three-stage Network Promotion campaign for summer
The operator-facing series runs 29 June to 13 September and uses Mystery Drop and Mystery Multiplier Drop mechanics.
Wazdan will launch a summer-long Network Promotion series for partner casinos, running from 29th June to 13th September. The campaign is structured in three stages with breaks between each phase.
The promotion will use Wazdan’s Mystery Drop
and Mystery Multiplier
Drop mechanics. The supplier said the programme is designed to be easy for operators to activate and will be supported with marketing materials, including promotional assets, brochures and newsletter content for partners to use across their own channels.
Alongside the promotion, Wazdan has a summer content roadmap with three slot releases scheduled: Mighty Hot
: Amazonia (30th June), Magic Fruit$: Cherries (30th July) and Mighty Crown
: Empire of Gold (6th August).
Radka Bacheva, Head of Sales and Business Development at Wazdan, said: “Summer presents a valuable opportunity for operators to keep engagement levels high, and this promotion has been designed to deliver exactly that through Wazdan’s proven promotional tools.
“Combined with our upcoming game releases, we are excited to offer partners a strong seasonal campaign with plenty of player appeal.”
The post Wazdan schedules three-stage Network Promotion campaign for summer appeared first on EE Gaming | Global iGaming & Tech Intelligence Hub.
Casino Content
ICONIC21 launches Football Cup-branded casino games and debut network tournament
ICONIC21 has rolled out three limited-edition Football Cup-branded casino games and launched its first network tournament, ICONIC Showdown Football Cup, running from 9th of July to 19th of July.
The new titles are Football Cup Roulette, Football Cup Blackjack 360, and Football Cup Gravity Blackjack. ICONIC21 said the releases showcase different customisation approaches, including green screen production for the roulette environment and an updated visual rebrand for its RNG blackjack table.
For Football Cup Gravity Blackjack, ICONIC21 said it used its latest LED technology and applied the Gravity Series multiplier mechanic, with a custom felt, a football gate, and bespoke 3D-printed decorations.
Alongside the three new games, ICONIC21 pointed to its previously launched slot Soccer World Championship, plus The Kickoff and Top Card, which it said received football-season branding and UI/UX updates.
The ICONIC Showdown Football Cup tournament covers 11 games in total and is positioned around the quarter finals, semi-finals and final period. ICONIC21 said 1,000 winners will share a €50,000 prize pool, and operators can enroll via their account manager or by contacting the company directly.
Edvardas Sadovskis, Chief Product Officer at ICONIC21, said:
“What I’m most proud of with this project is the turnaround. We built three fully branded, technically distinct games, enhanced existing ones with promotional branding, and launched our first-ever network tournament around them, all timed to coincide with peak player interest and traffic.
That kind of speed doesn’t happen by accident, it reflects how this team works. ICONIC Showdown is a meaningful first step for us as a provider, and launching it during the Football Cup, with this much energy around the game, feels like the right way to do it. We’re genuinely excited to see how the leaderboard shapes up and even more excited for the finals.”
The post ICONIC21 launches Football Cup-branded casino games and debut network tournament appeared first on EE Gaming | Global iGaming & Tech Intelligence Hub.
-
10bet6 days agoEllis Park Stadium signs five-year naming rights deal with 10bet
-
Bucharest5 days agoEeze opens 1,200 sqm Bucharest hub for technical teams
-
central asia6 days agoGroove confirms attendance at SBC Summit Tbilisi 2026
-
API integration4 days agoBelatra signs cooperation deal to distribute slots via VeliGames
-
AB Trav och Galopp4 days agoBetMakers Technology Group Selected to Distribute ATG Horse Racing Content Across Australia and New Zealand
-
BETANO5 days agoPlay’n GO strengthens Latin American presence with Betano Colombia launch
-
affiliate marketing5 days agoSEOBROTHERS’ Aleksandra Drigo flags higher barriers for affiliates in regulated Alberta
-
Compliance Updates6 days agoKSA Updates Guidelines for Conducting Means Test



