Connect with us

Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Published

on

Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

 

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 

Source

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)
Continue Reading
Advertisement

Industry News

Evoke Announces the Establishment of a New Technology Committee

Published

on

evoke-announces-the-establishment-of-a-new-technology-committee
Reading Time: < 1 minute

 

Evoke, one of the world’s leading betting and gaming companies with internationally renowned brands including William Hill, 888 and Mr Green, announced the establishment of a new Technology Committee of the Board effective immediately.

The Committee will be chaired by Independent Non-Executive Director Susan Standiford. Non-executive Directors Limor Ganot and Ori Shaked will also be members of the Committee.

The Committee will provide Board-level oversight of evoke’s major technology investments and initiatives, ensuring alignment with business strategy, risk management and operational effectiveness.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Jon Mendelsohn, Chairman of evoke, said: “In a world where technology is evolving at break-neck speed and in an industry where technology leadership is a core driver of sustainable success, our Technology Committee will play an important role in strengthening the Board’s governance and long-term strategy development. The Committee will focus on providing transparency and insight across our product, technology, data and operational initiatives as well as informing the Board and executive leadership on technology trends with the potential to shape the Group’s long-term competitive advantages.”

The post Evoke Announces the Establishment of a New Technology Committee appeared first on European Gaming Industry News.

Continue Reading

Gambling in the USA

Gaming Americas Weekly Roundup – May 19-25

Published

on

gaming-americas-weekly-roundup-–-may-19-25
Reading Time: 2 minutes

Welcome to our weekly roundup of American gambling news again! Here, we are going through the weekly highlights of the American gambling industry which include the latest news and new partnerships. Read on and get updated.

Latest News

Seminole Hard Rock Hotel & Casino Tampa has been named the luckiest casino in the US according to a recent study conducted by Casinos.com. The resort claimed the top spot based on an in-depth analysis of Tripadvisor reviews, measuring the frequency of luck-related keyword mentions. With a 25.49% luck rate, Seminole Hard Rock Tampa topped the list thanks to glowing guest feedback, including frequent mentions of jackpots, hand pays and bonus wins. 50 reviews mentioned the word “jackpot,” and 19 even referenced a “hand pay.” Casinos.com tracked keywords such as lucky, luck, won, winning, success, jackpot, hand pay, winner, bonus, profit to determine which U.S. casinos inspired the most winning moments among visitors.

The Missouri Gaming Commission has announced that it has officially begun accepting applications for sports betting license. The Commission made the announcement following the unanimous approval of a resolution drafted Tuesday that approved the licensing process. The resolution passed after Gov. Mike Kehoe’s office reviewed it. The licensing period opens roughly six months after Missouri voters narrowly approved a constitutional amendment legalising sports betting. The measure passed by less than half a percentage point, with a margin of less than 7500 votes.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Underdog Fantasy has relaunched its draft-style daily fantasy sports (DFS) games in New York, nearly two months after it withdrew all of its DFS competitions from the Empire State. The decision to withdraw all DFS contests from New York in March came after a ruling from the New York State Gaming Commission in which the commission determined Underdog was not in line with the state’s current DFS law. An Underdog Fantasy spokesperson confirmed the company is still working under a temporary license. The New York State Gaming Commission agreed to allow the company to offer its draft DFS games with the temporary license. Most DFS companies in New York operate with a temporary license.

New Partnerships

Pollard Banknote Limited has congratulated the West Virginia Lottery on the successful launch of Royal Court Riches, its first eInstant game from the Pollard Digital Games Studio. Royal Court Riches has already demonstrated strong performance in multiple markets—in its first international launch, it achieved that jurisdiction’s highest tickets sold, total sales and gross gaming revenue within its first 30 days of release. Royal Court Riches is the first in a series of games from the Pollard Digital Games Studio slated to launch in West Virginia this year.

SYNOT Games has announced a new partnership with Caliente, one of Mexico’s top gaming platforms. This collaboration marks an exciting expansion for SYNOT Games, as it brings its acclaimed portfolio of gaming content to the Mexican market. It enhances Caliente’s offerings with an extensive array of high-quality slot games such as Respin Joker, Book of Secrets, Realm of Lions and Forest Maiden, designed to captivate players and boost engagement. Caliente with its strong presence in Latin America, is the perfect partner for SYNOT Games’ expansion into the region. The partnership aims to deliver an exceptional gaming experience, combining SYNOT’s visually rich, innovative games with Caliente’s extensive reach and reputation.

The post Gaming Americas Weekly Roundup – May 19-25 appeared first on European Gaming Industry News.

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)
Continue Reading

Industry Awards

Betsson Group Nominated in 14 Categories at the Women in Gaming Diversity Awards 2025

Published

on

betsson-group-nominated-in-14-categories-at-the-women-in-gaming-diversity-awards-2025
Reading Time: < 1 minute

 

Betsson Group has been nominated in 14 categories at the Women in Gaming Diversity & Employee Wellbeing Awards 2025, hosted by Clever Duck Media. These include five company-wide nominations and nine individual nominations for eight of its employees.

These annual awards celebrate excellence in equality, diversity, inclusion and employee wellbeing across the global gaming industry. Since its launch in 2010, the event has solidified its position as one of the global gaming industry’s most respected diversity accolades.

The categories in which Betsson Group and its employees have been shortlisted include:

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Company Category Nominations:

Best Diverse Place to Work

Community Engagement

Company of the Year (Operator)

Diversity & Inclusion

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Great Place to Work Award

Individual Category Nominations:

Affiliate Leader – Shakyra Jonsson

Employee of the Year (Operator) – Lisa Mifsud

Excellence in Customer Service – Gabriella Larsson

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

HR Champion (Operator) – Tamara Klibadze

Innovator – Lena Nordin

Inspiration of the Year (Operator) – Lena Nordin

Positive Role Model of the Year (Operator) – Lara Lombardi

Star of the Future (Operator) – Jessica Carrillo Miranda

Advertisement
Prague Gaming & TECH Summit 2025 (25-26 March)

Young Leader of the Year (Operator) – Chellyanne Cassar

These nominations reflect the company’s ongoing dedication to creating a workplace where employees feel valued, respected and empowered to succeed. At Betsson Group, diversity, equity and inclusion are more than buzzwords; they are embedded in the company’s culture, values and daily actions. In previous years, Betsson has been recognised at the WiG Diversity Awards for Best Diverse Place to Work (2022 and 2024), Company of the Year (2019 and 2022) and for Diversity & Inclusion (2021). For the individual categories, Betsson employees have previously won Excellence in Customer Service, Star of the Future and Young Leader of the Year.

The post Betsson Group Nominated in 14 Categories at the Women in Gaming Diversity Awards 2025 appeared first on European Gaming Industry News.

Continue Reading

Trending

Offering comprehensive coverage on all aspects of the gaming sector, our daily posts include online and land-based gaming, betting, esports, regulatory and compliance updates, and technological advancements. Regular features encompass daily news articles, press releases, exclusive interviews, and insightful event reports.

The platform also hosts industry-relevant webinars, and provides detailed reports, making it a one-stop resource for anyone seeking information about operators, suppliers, regulators, and professional services in the European gaming market. The portal's primary goal is to keep its extensive reader base updated on the latest happenings, trends, and developments within the gaming and gambling sector, with an emphasis on the European market while also covering pertinent global news. It's an indispensable resource for gaming professionals, operators, and enthusiasts alike.

Contact us: [email protected]

Editorial / PR Submissions: [email protected]

Copyright © 2015 - 2024 - Gaming News Room is part of HIPTHER Agency. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania