Connect with us

Latest News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Published

on

Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

 

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 

Source

Powered by WPeMatico

Continue Reading
Advertisement

AGS

AGS details OIGA 2026 lineup, including Spectra SL75+ and Revel updates

Published

on

ags-details-oiga-2026-lineup,-including-spectra-sl75+-and-revel-updates

Supplier confirms booth 732 at the July 20-22 show in Oklahoma City and outlines new game titles plus BSX table progressives.

AGS said it will attend the 2026 Oklahoma Indian Gaming Association (OIGA) Conference and Trade Show on July 20-22 at the Oklahoma City Convention Center, where it plans to present new slot content, cabinet updates, and its table progressive platform. The company will exhibit at booth 732.

In a statement, AGS CEO and President David Lopez positioned the show as a homecoming tied to the company’s Class II history in the state. ”Oklahoma is not just another dot on the map for us. It’s where we started and where we learned how to be a true gaming supplier,” Lopez said. “You can’t fake it in Oklahoma. Tribal customers know the games, they know the math, they know service, and they know who shows up every time. That has been great for AGS, because it forced us to get better. It made us more disciplined while keeping us honest. We’ve grown a lot since then – Class III, tables, interactive, offices all over the place – but our history in Oklahoma and Class II is not something we moved on from. It’s part of the AGS engine.”

On the slots side, AGS said its showcase will include the large-format Spectra SL75+™ cabinet, which supports the Spectra game library, including premium titles when leased. The company said the cabinet will be used to highlight five new titles: Rakin’ Bacon! Fu Zhu Bao Bao™; Rakin’ Bacon! 5 Prosperity Pots™; Cash Carriage Looter™; Da Da Luo Boom™; and Frightful Fortunes Popping Pumpkins™.

AGS also outlined its mechanical stepper cabinet Revel®, available in both Class II and Class III, and said its latest Revel portfolio includes Crystal Reels® and Royal Reels®. The company added that Jackpot Legends™ and So Hot Cash® are set to debut in Class III later this year, with Class II launches following in 2027.

For tables, AGS highlighted its Bonus Spin Xtreme® (BSX) progressive platform, which the company said links table games across the pit and poker room. AGS did not disclose operator deployments, jackpot figures, or performance metrics tied to BSX in the announcement.

The post AGS details OIGA 2026 lineup, including Spectra SL75+ and Revel updates appeared first on EE Gaming | Global iGaming & Tech Intelligence Hub.

Continue Reading

Latest News

Expandirse en LatAm: el costo oculto que enfrenta la industria del iGaming

Published

on

expandirse-en-latam:-el-costo-oculto-que-enfrenta-la-industria-del-igaming

Gestionar fondos en múltiples mercados: el cuello de botella oculto que frena el crecimiento del iGaming en América Latina

Argentina, 13 de julio de 2026 – Escalar un negocio de iGaming en América Latina implica gestionar infraestructuras de pago paralelas, fondos de liquidez separados y procesos de conciliación desconectados en cada país. Para los operadores que buscan expandirse a nivel regional, esta fragmentación se ha convertido en un costo tangible: consume tiempo, inmoviliza capital, reduce los márgenes a medida que el negocio crece y aumenta la complejidad operativa con cada nuevo mercado.

Brasil marcó el ritmo con ingresos por 37.000 millones de reales en 2025, el primer año completo del mercado bajo un marco regulatorio, según datos de la Secretaría de Premios y Apuestas (SPA). Argentina, Perú, México y Chile también continuaron atrayendo operadores con estrategias de expansión regional. Sin embargo, en la práctica, estas compañías siguen enfrentándose al mismo obstáculo: infraestructuras financieras que operan de manera aislada, con poca o ninguna interoperabilidad entre sí.

Cada mercado funciona sobre rieles de pago locales sin un equivalente directo en otros países. En Brasil, Pix, incluido Pix Biométrico, representa la gran mayoría de las transacciones, especialmente tras la prohibición del uso de tarjetas de crédito y boletos bancarios para las apuestas. En Argentina, las CVU y las transferencias instantáneas cuenta a cuenta (A2A) impulsan los depósitos y retiros; en México ese rol lo cumplen las transferencias SPEI A2A, mientras que en Colombia corresponde a BRE-B. En Chile, MACH se ha convertido en el método de pago preferido por una gran parte de los jugadores y, en Perú, ese lugar lo ocupa Yape. Ninguna de estas infraestructuras de pago se integra de forma nativa con las demás, lo que significa que un operador presente en todos estos mercados termina administrando una infraestructura financiera independiente en cada uno de ellos.

El impacto va mucho más allá del procesamiento de pagos. Cuando los fondos circulan a través de sistemas desconectados entre distintas jurisdicciones, cada una con sus propias normas fiscales y ciclos de liquidación, los operadores pierden visibilidad en tiempo real sobre su posición de caja. Como consecuencia, decisiones que deberían basarse en información precisa y actualizada terminan dependiendo de consolidaciones manuales y estimaciones.

“Vimos venir este escenario antes que el mercado. A medida que la regulación maduró en Brasil, Argentina, Perú, Colombia y el resto de la región, el mayor desafío para los operadores dejó silenciosamente de ser ‘¿podemos ingresar al mercado?’ para convertirse en ‘¿podemos controlar lo que ocurre dentro de nuestra operación?’. Las operaciones financieras fragmentadas son hoy uno de los principales obstáculos para una expansión regional rentable y el problema se agrava, no se reduce, cuanto más crece una empresa. Los ganadores no se definirán por su presencia geográfica, sino por su capacidad de tener visibilidad, control y una gestión integrada. Esa es la convicción sobre la que se construyó OKTO PAYMENTS: infraestructura de pagos local en cada mercado, con una única capa de control financiero por encima, conectada mediante una sola API para todo el continente”, afirmó Filippos Antonopoulos, fundador y CEO de OKTO PAYMENTS.

Para los proveedores de servicios de pago (PSP), dar soporte a operadores presentes en múltiples mercados requiere mucho más que conectividad con los métodos de pago locales. Exige combinar infraestructura local con una capa centralizada de gestión financiera que proporcione visibilidad en tiempo real sobre los fondos, la conciliación y la liquidez entre distintas jurisdicciones. El objetivo es administrar los pagos no como integraciones independientes por país, sino como un marco unificado de control financiero distribuido en múltiples mercados.

OKTO PAYMENTS fue diseñado precisamente para responder a ese desafío. Los operadores realizan una única integración y acceden a los métodos de pago locales que los jugadores esperan en cada mercado: Pix en Brasil, CVU y A2A en Argentina, MACH en Chile, Yape en Perú, entre otros. Sobre esa infraestructura funciona una única capa de tesorería y conciliación que consolida fondos, liquidez y liquidaciones en una vista unificada y en tiempo real, permitiendo que los equipos financieros dejen de conciliar mercado por mercado para gestionar una única posición regional.

Para los operadores que están planificando o acelerando su expansión regional, OKTO PAYMENTS ofrece una evaluación de su infraestructura financiera para identificar dónde la fragmentación está generando costos hoy, ya sea por capital inmovilizado, demoras en las liquidaciones o pérdida de visibilidad financiera. Para solicitar una evaluación, los interesados pueden contactar al equipo comercial de OKTO PAYMENTS.

The post Expandirse en LatAm: el costo oculto que enfrenta la industria del iGaming appeared first on Americas iGaming & Sports Betting News.

Continue Reading

AGS

AGS Reflects on Their Class II Roots at OIGA 2026

Published

on

ags-reflects-on-their-class-ii-roots-at-oiga-2026

AGS today announced it will be attending the 2026 Oklahoma Indian Gaming Association (OIGA) Conference and Trade Show, taking place July 20-22 at the Oklahoma City Convention Center.

With deep seated roots in Oklahoma, where AGS was founded and where its primary warehouse and production facility is located, AGS is eager to return to OIGA with a continued commitment to serving the needs of tribal operators.

”Oklahoma is not just another dot on the map for us. It’s where we started and where we learned how to be a true gaming supplier,” said David Lopez, CEO and President of AGS. “You can’t fake it in Oklahoma. Tribal customers know the games, they know the math, they know service, and they know who shows up every time. That has been great for AGS, because it forced us to get better. It made us more disciplined while keeping us honest. We’ve grown a lot since then – Class III, tables, interactive, offices all over the place – but our history in Oklahoma and Class II is not something we moved on from. It’s part of the AGS engine.”

The Company’s product showcase will include the large-format, specialty cabinet Spectra SL75+™. Designed to support the entire Spectra game library, including premium titles when leased, Spectra SL75+ gives operators added flexibility to mix and match content to fit their unique casino floor.

The cabinet acts as the perfect canvas to highlight five new titles including Rakin’ Bacon! Fu Zhu Bao Bao™ and Rakin’ Bacon! 5 Prosperity Pots™, Cash Carriage Looter™, Da Da Luo Boom™, and Frightful Fortunes Popping Pumpkins™.

AGS’ high-performing mechanical stepper cabinet Revel® – available in both Class II and Class III – is redefining the category by blending traditional mechanical gameplay with video-inspired features, creating an engaging experience for all player types. The latest Revel portfolio includes Crystal Reels® and Royal Reels®, available in both Class II and Class III. Expanding the lineup, Jackpot Legends™ – a new cash-on-reels title featuring an exciting Jackpot Bonus Wheel – and So Hot Cash®, which delivers classic stepper gameplay and can be linked to the So Hot Grand progressive, are set to debut in Class III later this year, with Class II launches following in 2027.

On the table side, AGS’ award-winning progressive platform Bonus Spin Xtreme® (BSX) has been hugely successful in turning small side bets into massive jackpots throughout the tribal casino market. Linking all table games – from the pit to the poker room – BSX has been elemental in allowing operators to offer the flexibility at the tables to make these life-changing wins become more common.

AGS’ participation in OIGA reflects the Company’s history in Oklahoma and its longstanding commitment to the tribal gaming community. More than a trade show presence, OIGA is an opportunity for AGS to reconnect with valued partners, strengthen relationships, and reaffirm its respect for the Oklahoma Tribes that have played such an important role in the Company’s growth.

Attendees are invited to visit AGS at booth 732 throughout the show.

For more information, visit newsroom.playags.com.

©2026 AGS LLC. All® notices signify marks registered in the United States. All ™ notices signify trademarks which are currently not registered on any country-wide basis. Products referenced herein are sold by AGS LLC or its affiliates.

The post AGS Reflects on Their Class II Roots at OIGA 2026 appeared first on Americas iGaming & Sports Betting News.

Continue Reading

Trending

Get it on Google Play

Fresh slot games releases by the top brands of the industry. We provide you with the latest news straight from the entertainment industries.

The platform also hosts industry-relevant webinars, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - Recent Slot Releases is part of HIPTHER Agency. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania