It has been reported that hackers managed to steal the passwords of about 2.5 million individuals who use XBOX 360 and PSP ISO forums.
According to Troy Hunt, who runs the websites, Have I Been Pwned, that details hacking exploits against websites, the unidentified hackers managed to breach the security features of these popular gaming forums and access all the personal information of the users of the affected accounts.
It is not clear how the hackers managed to pull off the hacking job since no hacking groups claimed responsibility for the attack when it first occurred back in September 2015, it has been reported.
Experts are expressing shock at the amount of information that the hackers managed to use and the manner in which the hackers have managed to operate silently and avoid detection.
According to Jonathan Sanders of Liberman Software, a cyber security firm, it is clear that the hackers took advantage of the tendency of many people to use similar credentials for various sites.
‘Although we expect gamers to be tech savvy, it is possible that many people who were using these forums at the time when the hackers attacked were sharing login credentials among various sites,’ he pointed out.
He added that if this is the case, the hackers must have had taken advantage of the situation and accessed a lot of information about their users from the other sites where the users have accounts.
It is not clear how the hacking was discovered. However, it has been reported that users have been advised to change their login credentials as a measure to counter the activities of the hackers.
However, concerns have been raised about the effect of users of the forums changing their passwords at this time, given that the hacking occurred about 17 months ago.
Jeff Hill, of Prevalent Management, a cybersecurity firm, points out that it is inconsequential for users to rush to change their passwords at this time.
‘This incident once again underscores the importance of people using different passwords for their various accounts rather than sharing login credentials among various sites,’ he adds.
He added that it is possible the hacking job was discovered only after the hackers had been through with using the data that they had stolen.
The two companies operating the gaming forums, Microsoft and Sony, have remained silent about the incident so far.