Over 36 million AI, gaming credentials compromised by infostealers in 3 years: Report
New Delhi, Feb 29: Investigating the dark web market for credential theft from popular AI and gaming websites, the researchers on Thursday said that more than 36 million credentials (logins and passwords) were compromised by infostealers in the past three years.
According to the cybersecurity company Kaspersky, 34,000,000 Roblox users’ credentials were compromised with malware and leaked on the dark web over the past three years. This figure rose by 231 percent from roughly 4,700,000 in 2021 to 15,500,000 in 2023.
"The reason behind such high volumes of thefts of login credentials associated with Roblox is that children are among the most vulnerable audiences, as they are susceptible to various kinds of social engineering," said Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence.
Credentials from various AI services -- image editing, translation, text tuning, chatbots, to voice generators -- are being compromised due to their growing popularity, the researchers noted.
Over the past three years, about 1,160,000 application users' credentials from AI-powered online graphic design tool Canva were compromised with data-stealing malware.
Another popular AI writing assistant, Grammarly, had around 839,000 user credentials stolen between 2021 and 2023, the report said.
"The credential compromises in question stem from infostealer activity, a specialised form of malware designed to steal user credentials for cyberattacks, dark web sales, or other malicious activities," Novikova said.
"Both personal and corporate devices can be infected by infostealers through phishing emails or websites, public-faced sites with malicious content, and various other means," she added.