Kaspersky’s Digital Footprint Intelligence (DFI) team has revealed that more than 11 million gaming account credentials were leaked globally in 2024 due to infostealer malware.

The figure includes 5.7 million Steam accounts and 6.2 million accounts from other platforms, such as Epic Games Store, Battle.net, Ubisoft Connect, GOG, and the EA app.

APAC emerges as a major target

An analysis of leaked Steam credentials linked to APAC countries shows Thailand leading with nearly 163000 compromised accounts, followed by the Philippines with 93000 and Vietnam with about 88000.

At the lower end, China saw around 19000, Sri Lanka about 11000, and Singapore roughly 4,000 compromised accounts.

The APAC region remains a global gaming hub, home to more than half of the world’s players. Its rapid digital adoption, high mobile penetration, and youth-driven demand have fuelled growth in both casual and competitive gaming.

With close to 1.8 billion players, the region’s size and influence make it a prime target for cybercriminal activity.

Delayed threat from Infostealers

Polina Tretyak, Digital Footprint Intelligence Analyst at Kaspersky, explained that stolen credentials can be leaked months or even years after the initial compromise.

This means the real number of affected accounts could be significantly higher. She advised users who suspect an attack to run a full device security scan, remove any malware found, and update their passwords, avoiding reuse across platforms.

Risks for businesses

While gaming breaches may seem unrelated to corporate security, using a work email to register for personal gaming or entertainment accounts can create vulnerabilities.

Kaspersky found that 7% of leaked Netflix, Roblox, and Discord accounts were registered with corporate email addresses. If these are exposed, attackers could target employees, gain access to work systems, or attempt password brute-force attacks. This is true especially if the password follows predictable patterns like “Word2025!”.

Hybrid and bring-your-own-device (BYOD) environments, which are common in APAC, further increase the risk as personal and work activities often share the same devices.

Defending against Infostealers

Infostealers are commonly disguised as cracked games, cheat tools, or unofficial mods. They are designed to steal passwords, crypto wallet keys, payment card details, and browser cookies.

Once stolen, the data is traded or given away on dark web platforms for further exploitation.

For individuals, Kaspersky recommends:

• Running a full malware scan on all devices.
• Changing passwords for compromised accounts.
• Monitoring for suspicious account activity.

For companies, it is recommended to monitor dark web markets for leaked corporate credentials and secure any potential attack points.

Using services like Kaspersky’s DFI can help track exposed assets and address vulnerabilities quickly.

For more details, visit www.dfi.kaspersky.com. Did this news catch your attention? Stay tuned for more news at TechNave!