Connect with us

Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Published

on

Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

 

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 

Source

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Powered by WPeMatico

Continue Reading
Advertisement

Industry News

MediaX Agency Officially Launches Linkible

Published

on

mediax-agency-officially-launches-linkible
Reading Time: < 1 minute

 

MediaX Agency, a globally recognised leader in digital PR and growth marketing, has officially launched Linkible, an AI-powered link building agency engineered to help businesses in highly competitive and regulated industries achieve stronger online authority, higher search engine rankings and sustainable organic growth.

With AI-driven outreach and industry-specific link strategies, Linkible is redefining how brands secure high-quality backlinks, increase domain authority and dominate their niches in Google search.

Linkible is purpose-built for industries where credibility and compliance are critical:

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

• Law Firms & Legal Marketing – Earn authoritative legal backlinks to attract clients and improve local SEO.

• SaaS Companies – Accelerate organic growth with niche placements and product-led content strategies.

• Cannabis & CBD Brands – Gain SEO visibility while staying compliant in a restricted advertising environment.

• iGaming, Casino & Gambling – Drive traffic with white-hat link strategies tailored for high-competition keywords.

• E-commerce Businesses – Build scalable backlinks to boost product visibility and drive online sales.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Key Features of Linkible

• AI-Powered Prospecting & Outreach – Identify and connect with the right publishers at scale.

• Niche-Relevant Authority Backlinks – Secure placements on trusted websites that move rankings.

• Compliance-First Approach – Tailored strategies for industries facing strict regulations.

• Transparent SEO Reporting – Real-time dashboards to track backlinks, traffic and keyword improvements.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

• Scalable Growth Solutions – Flexible link building packages for startups, enterprises and agencies.

“Traditional link building is outdated and ineffective in competitive industries. With Linkible, we’re combining the power of AI with our proven PR and SEO expertise to deliver smarter, faster, and compliance-friendly link building strategies that help businesses rank higher and grow sustainably,” said Rachita Chettri, Co-Founder of MediaX Agency.

The post MediaX Agency Officially Launches Linkible appeared first on European Gaming Industry News.

Continue Reading

Industry News

Allwyn Launches Player Protection Lab

Published

on

allwyn-launches-player-protection-lab
Reading Time: < 1 minute

 

Allwyn, the lottery-led gaming entertainment company, has announced the launch of Allwyn Player Protection Lab, a global responsible gaming initiative aimed at supporting novel research and innovation to advance player safety.

Opening immediately for applications, the programme will support academics and experts working in the field of responsible gaming to explore new ideas, concepts and perspectives. Applicants are encouraged to submit proposals focusing on one of three key areas: digital innovation; using messaging to drive positive play; and developing effective safety tools.

Following the open call for applications, awards will be made for successful projects of up to €100,000, dependent on the scope of the prospective proposal.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

The project demonstrates Allwyn’s commitment to developing global leading practice in responsible gaming. The call for applications will ensure Allwyn is casting the widest net and has the best chance to uncover new and interesting approaches to protecting players.

Nicole Garrett, Head of Responsible Gaming at Allwyn, said: “The Player Protection Lab is an exciting new avenue for Allwyn. Our responsible gaming team is seeking proposals that will encourage progress in player safety and break new ground in our industry. We hope that by opening the application process, we will have the opportunity to explore genuinely new ideas and draw lessons from other sectors.”

The call for proposals will run until 14 November.

The post Allwyn Launches Player Protection Lab appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Industry News

Creedroomz Introduces Cashout Blackjack

Published

on

creedroomz-introduces-cashout-blackjack
Reading Time: < 1 minute

 

Creedroomz has launched Cashout Blackjack, a new version of its popular Live Blackjack game designed to redefine player engagement. This major update features a groundbreaking Side Bet Gamble mechanic, a completely redesigned UI and other key enhancements that deliver a new standard of excitement.

The Side Bet Gamble is an industry-first feature that gives players total control over their side bet winnings. Unlike traditional bonus rounds that are passive or tied to specific game events, this optional decision occurs only for players who have won a side bet, right at the end of the round after the last dealer card has been dealt. Players are given a choice: Gamble their winnings for a chance to double their payout, or Skip and keep their original amount. This high-stakes, real-time decision point transforms every win into an exhilarating risk-reward moment.

Cashout Blackjack also includes a suite of powerful updates:

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)

Sleek New UI: A fully redesigned interface built for seamless usability on all devices.

Rebalanced Side Bets: Payouts have been rebalanced to make side bets more compelling and rewarding.

Auto-stand applied on hard / non-splitable scores of 17, 18, 19 and 20.

The new Cashout Blackjack, complete with the Side Bet Gamble feature, is now available to all Creedroomz partners. This launch underscores Creedroomz’s strategic vision to provide partners with groundbreaking tools that ensure they remain at the forefront of the competitive iGaming market.

The post Creedroomz Introduces Cashout Blackjack appeared first on European Gaming Industry News.

Advertisement
European Gaming Congress 2024 (Warsaw, Poland)
Continue Reading

Trending

Get it on Google Play

Fresh slot games releases by the top brands of the industry. We provide you with the latest news straight from the entertainment industries.

The platform also hosts industry-relevant webinars, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - Recent Slot Releases is part of HIPTHER Agency. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania