Millions of gaming accounts exposed in 2024 data leaks

New research from Kaspersky’s Digital Footprint Intelligence (DFI) team shows that more than 11 million gaming account credentials were leaked in 2024. The findings were shared at Kaspersky’s Cyber Security Weekend in Da Nang, Vietnam. According to the study, 5.7 million Steam accounts were compromised through infostealer malware, while a further 6.2 million accounts linked to platforms such as Epic Games Store, Battle.net, Ubisoft Connect, GOG, and the EA app were also affected. The analysis of leaked Steam credentials in Asia-Pacific (APAC) showed Thailand had nearly 163,000 compromised accounts, followed by the Philippines with 93,000 and Vietnam with 88,000.

Smaller numbers were recorded in China, Sri Lanka, and Singapore. APAC has become the largest gaming region, home to about 1.8 billion players. Its strong growth and digital adoption also make it a target for cybercriminals. Stolen log files are often sold or shared months after the breach, making the total scale of exposure difficult to measure. Kaspersky analyst Polina Tretyak explained that compromised accounts may resurface years later, and advised users to update passwords regularly, avoid reusing them, and run security checks if they suspect an attack.

The research also showed that around 7% of leaked accounts on platforms like Netflix, Roblox, and Discord were registered with corporate email addresses, creating risks for businesses. Infostealers can open doors to wider corporate threats if work emails are exposed. Kaspersky advises both individuals and companies to monitor for leaks and strengthen defences against malware.