Kaspersky: APTs haunt state secrets, diplomatic files, even nuclear plants in APAC
New threat research from the Kaspersky Digital Footprint Intelligence (DFI) team reveals that 11 million gaming account credentials were leaked in 2024. The findings, presented during Kaspersky’s Cyber Security Weekend in Da Nang, Vietnam, show that 5.7 million Steam accounts were compromised by infostealer malware in 2024. This notorious type of malware also led to the leakage of 6.2 million accounts related to other global gaming platforms: Epic Games Store, Battle.net, Ubisoft Connect, GOG, and EA app.
Kaspersky Digital Footprint Intelligence analyzed leaked Steam credentials associated with APAC countries, based on data from malware log files. Nearly 163,000 leaked credentials were associated with Thailand, followed by the Philippines with 93,000 compromised login-password pairs. Vietnam rounded out the top three with nearly 88,000. In contrast, the lowest numbers were observed for accounts associated with China, Sri Lanka, and Singapore, with approximately 19,000, 11,000, and 4,000 credentials, respectively.
The APAC region has firmly established itself as the global epicenter of gaming. According to a recent report, more than half of the world’s gamers are based here, with markets such as China, India, Japan, South Korea, and emerging Southeast Asian economies contributing to this dominance. The region’s rapid digital adoption, widespread mobile penetration, and youth-driven demand have fueled exponential growth across both casual and competitive gaming segments.
With close to 1.8 billion players and rising, the gaming ecosystem in APAC is not only the largest by volume but also among the most influential in shaping global gaming trends and behaviors. Thus, it does not come as a surprise that the region is fast becoming a breeding ground for a data-stealing class of cyber threats.
“Cybercriminals often release stolen log files months — or even years — after the original compromise,” explains Polina Tretyak, a Digital Footprint Intelligence Analyst at Kaspersky. “Even credentials stolen years ago can resurface on dark web forums, contributing to a growing pool of leaked information. As a result, the number of compromised gaming accounts is likely much higher than what is immediately visible”.
She adds, “It’s important for people to understand that infostealer threats aren’t always instant or obvious. In case one suspects they have been attacked, running a security check and deleting the malware is the first recommended step. In general, regularly updating passwords and avoiding reuse across platforms can help reduce personal risk”.
How gaming threats may affect businesses – in APAC and beyond
Modern businesses may not consider themselves part of the gaming ecosystem, but they can still be in danger – for example, through employees registering on entertainment platforms using a corporate email address. A Kaspersky Digital Footprint Intelligence study shows that 7% of Netflix, Roblox, and Discord users whose accounts were leaked registered there using a corporate email address.
The fact that employees may be using corporate emails to register for personal services, including games, introduces cybersecurity risks. Polina Tretyak noted that if the corporate email is exposed in an infostealer leak, it could potentially open the door to broader corporate threats. “For example, attackers may reach out to an employee and lure them into installing malware on a corporate device or brute force the password. If the password uses predictable patterns — such as 'Word2025!', it may take just around an hour or less. Also, fraudsters may gain access to various non-corporate systems under employee accounts and retrieve some important data, as well as access the company’s resources”, elaborated Tretyak.
Infostealers are often disguised as cracked games, cheat software, or unofficial mods. They are used by threat actors looking to steal sensitive information of any kind. Their primary targets are account passwords, crypto wallet credentials, credit card details, and browser cookies. Once exfiltrated, the stolen data is traded or offered for free on darknet platforms, and may be used by other cybercriminals for further attacks.
Beyond the direct harm they inflict, infostealers are particularly dangerous in the hybrid and bring-your-own-device (BYOD) environments common across APAC, where personal and work-related activities often coexist on the same device.
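How a security team might triage a leaked-credential export for the two risks described above: corporate addresses used on personal services, and predictable passwords such as 'Word2025!'. This is an added example, not Kaspersky's code; the `service|login|password` line layout, the domain `example-corp.test`, and all function names are assumptions, and the sample data is constructed.

```python
import re
from dataclasses import dataclass

# Assumption: the organisation's own mail domains (placeholder value).
CORPORATE_DOMAINS = {"example-corp.test"}

# Constructed sample in an assumed "service|login|password" layout.
SAMPLE_LEAK = """\
store.steampowered.com|alice@example-corp.test|Summer2025!
discord.com|bob@example-corp.test|v9#Lq2!xT0pzR7w
netflix.com|carol@mailbox.test|Word2025!
roblox.com|malformed-line-without-fields
"""

# Capitalised word + four-digit year + up to two trailing symbols ('Word2025!').
PREDICTABLE = re.compile(r"^[A-Z][a-z]{2,}(19|20)\d{2}[^A-Za-z0-9]{0,2}$")


@dataclass
class Finding:
    service: str
    login: str
    predictable_password: bool  # the password itself is never stored or printed


def is_predictable(password: str) -> bool:
    return bool(PREDICTABLE.match(password))


def triage(leak_text: str, domains=CORPORATE_DOMAINS) -> list:
    """Return one Finding per leaked entry registered with a corporate address."""
    findings = []
    for line in leak_text.splitlines():
        parts = line.strip().split("|", 2)  # maxsplit keeps '|' inside passwords
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        service, login, password = parts
        domain = login.rpartition("@")[2].lower()
        if domain in domains:
            findings.append(Finding(service, login.lower(), is_predictable(password)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LEAK):
        action = "reset and review sign-ins first" if f.predictable_password else "reset"
        print(f"{f.login} exposed via {f.service}: {action}")
```
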
How to build defenses against infostealers
If you as an individual encounter a data leak through infostealers, take the following steps immediately:
● First, run full security scans on all devices and remove any detected malware.
● Second, change the passwords of compromised accounts.
● It is also recommended to monitor for suspicious activity associated with the accounts affected by infostealers.
Companies are advised to monitor dark web markets proactively to detect compromised accounts before they pose risks to customers or employees. A detailed guide on setting up monitoring can be found here. Leverage Kaspersky Digital Footprint Intelligence to track what cybercriminals know about your company’s assets, identify potential attack vectors, and implement protective measures in a timely manner.
To learn more about Kaspersky Digital Footprint Intelligence, visit www.dfi.kaspersky.com.