It can be said that leaks on the Internet are common. It can happen on all kinds of platforms that we use in our daily lives. It can even lead to password theft. In this case, we are replaying a data breach that affected half a million users due to a historical online game. Also, this is not the first time this has happened.
This has been leaked to the gaming site Chess.com. If you like chess, you’ve probably played it at some point. Moreover, it is also very popular among users who just want to play this game from time to time either on their mobile phones or computers.
More specifically, it is estimated that the data of 476,121 users who played this game online was leaked. A database containing data from hundreds of thousands of users has been leaked and is available on dark web forums. But it wasn’t the first time, as a few days ago data from more than 800,000 users was leaked.
But what information exactly was released? This includes users’ full name, profile links, email addresses, nationality, profile picture, username or registration date for this game. This type of personal data and information can be very valuable to network attackers. They can use it to impersonate a person or even launch phishing attacks.
From the gaming site Chess.com, they state that they were not victims of a computer attack. What happened was that cybercriminals were able to exploit the public API and their servers were not directly affected by the attack. They primarily used their API to collect public data from users. Even more worrying is the leaking of email addresses. They can create fake accounts that enable identity theft. This is a big issue that needs to be addressed so that security and privacy are not affected.
It is true that it is sometimes difficult to defend against these attacks. The platform you have registered may have a security vulnerability that you do not have the right to prevent. In addition, the so-called Web Scraping, which essentially removes public information from websites, further complicates the situation. However, you can always take measures to reduce the risks. For example, if they managed to get your email through a leak like what happened at Chess.com, it’s important that you keep your sanity. If you receive an email asking you to log in or provide certain information, never do so. You are probably facing a phishing attack.
Using a unique password for each Internet service we are registered with is necessary to protect other services. If someone managed to decrypt the passwords with our registration email during the leak, it could compromise our other accounts in a very simple way. For this reason, it is recommended to use a password manager and generate a random key for each service. Never reuse passwords or make minor changes to them.