An unidentified hacker breached the Xbox 360 ISO and PlayStation Portable ISO forums and compromised 2.5 million user accounts, according to security researacher Troy Hunt.
The breach, which took place in September 2015 but was only recently disclosed, compromised email addresses, passwords and IP addresses, the Daily Mail reports.
The hacker's likely aim was to profit financially from the stolen information. "Data breaches are often sold via darkweb sites or within closed trading circles," Hunt told the Daily Mail.
Still, Willy Leichter, vice president of marketing at CipherCloud, told eSecurity Planet by email that while the attack targeted gaming forums, any large scale breach like this should concern businesses as well. "Users often use common passwords, security questions, or personal email addresses to access personal and work-related systems, making it easier for hackers to break into corporate networks and steal massive amounts of data," he said.
And while all users are being advised to change their passwords, Jeff Hill, director of product management at Prevalent, said it may be too late to make a difference. "The initial breach occurred in September 2015, giving the attackers 17 months to operate undetected, more than enough time to find and exfiltrate enough data to profit greatly from their efforts," he said.
"At this point, it’s not even clear the breach was actually detected -- possibly the attackers simply [wrung] as much return as possible out of their theft, and simply discarded the remaining useless data," Hill added. "In today’s cybersecurity environment, no metric is even remotely as critical as time-to-detection. Needless to say, 17 months lag time is not a good number."
A recent survey of 1,000 users of AnchorFree's Hotspot Shield software found that fully 85 percent of respondents are more concerned about their online privacy and security today than they were a year ago.
When asked wheir they were more concerned about their online security today, the leading reasons given by respondents were recent large-scale hacks (52 percent); the increased number of connected devices that contain personal information (52 percent); and the respondents' own email or social media accounts had been hacked (44 percent).
Top privacy concerns cited by respondents included having their personal information stolen and sold (62 percent); having their personal information used against them (58 percent); companies collecting and sharing their personal information (52 percent); surveillance or exposure of their location, preferences and actions (44 percent); and government surveillance of their online conversations (42 percent).