Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

George Miller


Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020, which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine for succumbing to a cyberattack that involved SQLi.

An SQLi attack works by injecting an unexpected payload (a piece of code) into an input box on the website or into its URL. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
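The mechanism described above, and the fix, shown side by side as an added example (not code from CyberNews or BigMage Studios). The `players` table, its rows and both function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for a player table; every row is constructed."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE players (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    db.executemany(
        "INSERT INTO players VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.com"),
            (2, "bob", "bob@example.com"),
            (3, "carol", "carol@example.com"),
        ],
    )
    return db


def profile_vulnerable(db, player_id):
    # Weak: the URL parameter is pasted into the SQL text, so the database
    # parses whatever the visitor sent as part of the statement itself.
    query = "SELECT username, email FROM players WHERE id = " + player_id
    return db.execute(query).fetchall()


def profile_parameterized(db, player_id):
    # Fixed: reject anything that is not an integer, then bind the value.
    # The SQL text is a constant; the input can only ever be compared as data.
    try:
        value = int(player_id)
    except ValueError:
        return []
    query = "SELECT username, email FROM players WHERE id = ?"
    return db.execute(query, (value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # First value is a normal request; the second carries extra SQL.
    for raw in ("2", "2 OR 1=1"):
        print(repr(raw))
        print("  concatenated :", profile_vulnerable(db, raw))
        print("  parameterized:", profile_parameterized(db, raw))
```

With the concatenated query, the second request returns every row in the table; with the bound parameter it returns nothing.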

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. For this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SQLi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 


Trading the past for the future – an AllSported white paper

Zoltan Tundik


Another lockdown has come and gone in the UK and, luckily, the good news and main difference from the first global shutdown is the continuation of major sporting events, including all racing, taking place behind closed doors. Not only is this good for our own mental health as we get through the colder winter days, it is also critical for our industry.

The lack of elite sport throughout March, April and May was crippling for many. AllSported, the leading racing trading solution from Racing Post, recently released a research paper – Trading the past for the future – looking at the state of play in the trading industry post lockdown. The paper discusses how the exchanges are playing a huge role in pricing and looks at what is next for the trading floor.

The damage from a complete wipeout of sport and of course the wider economic issues resulting from a global pandemic are still to be played out in full. While the gambling world is most definitely not bulletproof to wider economic factors, there is a sense that this is not the only cause of the drop-off. As part of the research, contributors from Banach Technology and TXODDS, partners in AllSported, take a deep dive into how the pandemic is highlighting changes across the trading landscape.

The paper discusses how horseracing bookmaking is a different beast and how the nuances involved aren’t being accounted for with ready-made solutions. The AllSported team spent some time speaking to both operators and platform providers and have come up with what they agree to be the main issues. The panel assembled came up with varying opinions throughout the research paper.

Key researcher and Head of Trading Solutions Alan Casey discussed the depth of the white paper and the effects of 2020 on horseracing trading saying:

‘2020 has been a year like no other but from our research, we’re seeing that this year has accelerated change that was already taking place rather than completely changing the direction of the industry. We now know customers have more time to expect the best customer experience and will no longer accept the norm across any industry and that includes betting.

‘We’ll be discussing the findings at this week’s Betting on Sports America conference and we’re excited to share what we’ve found and how that’s going to shape racing trading going forward.’

Download AllSported, Trading the past for the future from Spotlight Sports Group here.

How to win at Online Casino Games

Zoltan Tundik


Online casinos come with lots of benefits. The rate and size of winning at online casinos are higher than at brick and mortar casinos. Players have the opportunity to shop around for casinos that offer more attractive bonuses and promotions. With land-based casinos, this is almost impossible. With an online casino, you’ll find huge collections of games and many opportunities to win. If you’re new to online gaming or you’re looking for better strategies to make more money at online casino games, the tips shared by lvbet.lv in this post will be of great help to you.

Winning Tips at Online Casino Games

  • Sign up with a good online casino

Your gaming experience is determined largely by the online casino you sign up with. You need to research to find a good casino that can offer you everything that will make your casino experience exciting. You should sign up with a casino with a huge game collection. It should also have a transparent and fair gaming system. The payment options and customer support are also critical things to check. Some other things you should look out for in an online casino include the licenses and regulation of the casino, players’ reviews, game options, years of existence, bonuses and promotions, wagering requirements, reliability and reputation, and others.

  • Check out the Offers

Online casinos offer bonuses and promotions to attract and retain players. Although this is a marketing strategy, you can still take advantage of the offer and make some winnings from it. Some casino sites offer promotions and bonuses with minimal requirements. Some others offer free spins to let you try new games. Check out all the offers and settle for the ones that will earn you the best money without much investment.

  • Focus on Games that you’re good at

It’s normal to want to try out new games. However, if you want to make money while playing, it’s better to stick to games that you’re familiar with, especially if you’re playing for real money. You can use free spins to try new games but if you’re investing money, stay with games that you understand. Before you start playing a game with real money, ensure you understand the rules and strategies of the game. Practice as much as you can before you play for money.

  • Give the Big Jackpot a try

Of course, most jackpot games depend on luck but nothing says lady luck can’t smile on you. If you want to make big money at an online casino, jackpots are the best way to get it. However, before you place a wager, understand that the bigger your potential winning, the bigger the risk you’re exposed to. Make sure you understand this before you commit your money.

  • Gamble Responsibly

Don’t gamble with money you cannot afford to lose. There’s nothing guaranteed with gambling. The chances you have to win are the same you have to lose. Therefore, count your cost before you go into it.

Conclusion

Now that you know what you can do to make more money in your online casino games, it’s time to get started. However, always check the wagering requirements of any offer before you accept it.

 


Elys Game Technology Appoints Matteo Monteverdi as CEO

Niji Narayan


Elys Game Technology has announced the appointment of Matteo Monteverdi as its Chief Executive Officer, effective 1 January 2021.

Monteverdi has served as an independent strategic advisor to the Company since March 2020, and in September 2020 was appointed as the President. Michele Ciavarella will continue in his current role as Executive Chairman of the Company.

“We are honored to welcome one of the most accomplished and recognized gaming executives in the industry to our team. Matteo brings over 20 years of industry experience, including an amazing track record in the betting, gaming and technology sectors. In the short time since joining the Company, he has already demonstrated his leadership and continuous innovation. We believe his experience in driving organic revenue growth, combined with his background in M&A, will help accelerate growth in both our online and land-based retail channels,” Michele (Mike) Ciavarella, Chairman and CEO of Elys Game Technology, said.

“Over the past 9 months, I have had an opportunity to fully immerse myself with the Elys team, customers, and technologies. I can confidently state that Elys has built a first-class operation with a strong product foundation and has tremendous potential waiting to be unleashed. Given the convergence of shifts in the US regulatory landscape and technological innovation, Elys is positioned to capitalize on emerging trends as sport betting evolves into new forms of entertainment at the intersection of media and gaming. The Company offers a differentiated omni-channel framework that provides a distinct competitive advantage in this market. Overall, I believe Elys has the potential to become a market leader and capture a significant share of the i-gaming and sports betting markets in Europe and the Americas,” Monteverdi said.
