Industry News
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability
Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.
The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.
Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.
The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.
Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.
What is SQL Injection?
First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.
Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.
The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
How we found this vulnerability
Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.
What’s the impact of the vulnerability?
The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:
By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.
What to do if you’ve been affected?
If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.
However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.
Disclosure and lack of communication from BigMage Studios
Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.
We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.
Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.
Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.
Powered by WPeMatico
Turnkey iGaming platform Betable has promoted Daniel Shannon to the newly created role of Director of Growth, as the company prepares for its next phase of expansion in regulated markets.
In his new position, Shannon will lead Betable’s growth strategy across key territories, including the UK and the Philippines, with several major deals expected to be finalised in the near future.
Shannon previously served as Head of Acquisition at Betable and brings additional experience from senior roles at Manchester-based CBS Global Marketing.
As Director of Growth, he will be responsible for driving commercial performance, scaling revenue, optimising operations, and expanding Betable’s presence across global regulated markets.
Charlie Noble, COO at Betable, said:
“Dan has quickly become an integral part of the Betable team, and this promotion reflects both his impact and our confidence in his ability to lead the business forward. As we continue to grow in regulated markets, his commercial insight and operational focus will be invaluable.”
Daniel Shannon, Director of Growth at Betable, added:
“I’m excited to take on this role at such a pivotal time for Betable. We’ve built strong foundations, and the focus now is on scaling that success into new regulated markets, strengthening partnerships, and delivering consistent growth. There’s a significant opportunity ahead, and I’m looking forward to helping the business realise it.”
The post Betable promotes Daniel Shannon to lead next stage of expansion appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.
Amusnet has been awarded the title of Best Slot Developer at the GamingTECH Awards 2026, marking a notable acknowledgment of the company’s innovative and technical prowess. Unveiled on March 25th in Prague at the 10th-anniversary edition of the Prague Gaming & TECH Summit, this recognition emphasizes the influence of the company’s varied, high-achieving slot collection throughout Central and Eastern European markets.
This accolade highlights the organization’s capacity to provide a diverse array of titles that satisfy the changing needs of both operators and players. By prioritizing technical dependability, dynamic animations, and captivating features, Amusnet has positioned itself as a key partner in the area.
“We are truly honoured to receive the Best Slot Developer award,” commented Julia Peeva-Sertov, CEO & Director at Amusnet Gaming, Malta. “This recognition reflects the dedication of our entire team and our commitment to delivering exceptional gaming experiences for players. Empowering our partners continues to inspire us to push boundaries and set new benchmarks in the industry.”
The Prague Gaming & TECH Summit united industry leaders and top executives to explore the connection between gaming, AI, and fintech. During the event, representatives from Amusnet Gaming participated in strategic networking and high-level discussions within the industry, enhancing connections with partners in the CEE area. Winning this title at a milestone anniversary occasion reinforces the company’s position as an innovative leader in the digital entertainment industry.
The post Amusnet Named Best Slot Developer at GamingTECH Awards 2026 appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.
Soft2Bet, a leading iGaming turnkey solutions provider, recently brought together industry connections for an exclusive two-day golf and padel experience at the Gleneagles Hotel in Scotland. The event brought Soft2Bet’s friends and connections together to enjoy a relaxed day of golf and padel, meaningful conversations, and shared moments in an inspiring setting, celebrating the spirit of connection and community that defines the company’s approach.
Set against the backdrop of one of Scotland’s best-known sporting estates, the day paired competitive play with the camaraderie and shared spirit that are such a valued part of the game. Attendees enjoyed access to Gleneagles’ most exclusive Ryder Cup & Solheim courses, where the relaxed setting encouraged genuine connection and reflected the supportive atmosphere that made the gathering especially memorable.
Gleneagles was a fitting venue for the occasion. With more than a century of golfing history, three championship courses and a reputation built on world-class hospitality, it remains one of Scotland’s standout golf destinations. Its PGA Centenary Course hosted the 2014 Ryder Cup and the 2019 Solheim Cup, making Gleneagles the only golfing destination in Europe to have staged both events.
The event reflects Soft2Bet’s belief that strong connections are built through shared goals, trust and collaboration. Creating space for in-person connection allows the company to deepen those relationships and support long-term success.
Harrison Barrett, VP of Business Development at Soft2Bet, commented: “Bringing the industry together in a setting like Gleneagles allows us to go beyond day-to-day operations and focus on what truly drives success, while playing golf and padel. Events like this are an opportunity to align on vision, exchange ideas and celebrate the momentum.”
Stuart Trigwell, Director of Business Development at Play’n GO said: “The time spent at Gleneagles, enjoying the incredible courses and engaging in genuine, strategic conversations, was an absolute highlight. It is events like these that reinforce the trust and collaborative spirit at the core of our relations.”
The gathering reflects Soft2Bet’s wider approach to the iGaming community engagement, creating opportunities for stronger collaboration and supporting growth across key markets.
The post Soft2Bet Gathering: An Elite Golf & Padel Experience appeared first on Eastern European Gaming | Global iGaming & Tech Intelligence Hub.
-
Booming Games7 days agoBooming Games releases Ultra Buffalo Hold and Win
-
Big Time Gaming7 days ago
BTG brings iconic board game action to the reels with MONOPOLY MEGAPOTS™
-
Baroness Fiona Twycross7 days ago
BGC AGM 2026 Discussed About Surging Illegal Gambling Black Market
-
Latest News5 days ago
ELA Games Contributes to Discussions on Scalable iGaming Ecosystems and Studio Innovation at HIPTHER Prague Summit
-
Brazil6 days ago
Brazil advances integrity agenda amid strong market growth
-
Brasil6 days ago
Brasil impulsa su agenda de integridad en un contexto de fuerte crecimiento del mercado
-
Brazil5 days ago
Brazil advances integrity agenda amid strong market growth
-
BGaming7 days ago
Ascend With the Gods in BGaming’s Gates of Power
