APAC at epicenter as 11 million gaming accounts leaked in 2024: Kaspersky

Kaspersky’s analysis of leaked Steam credentials in APAC showed Thailand leading with nearly 163,000 compromised accounts, followed by the Philippines with 93,000 and Vietnam with 88,000, while China, Sri Lanka, and Singapore reported the lowest figures

New research from Kaspersky’s Digital Footprint Intelligence (DFI) team has revealed that 11 million gaming account credentials were leaked in 2024. The findings, shared at Kaspersky’s Cyber Security Weekend in Da Nang, Vietnam, show that infostealer malware was responsible for compromising 5.7 million Steam accounts last year. This same malware also led to the exposure of 6.2 million accounts linked to other major gaming platforms, including Epic Games Store, Battle.net, Ubisoft Connect, GOG, and the EA app.

Kaspersky’s analysis of leaked Steam credentials tied to APAC countries, based on malware log file data, found Thailand topping the list with nearly 163,000 compromised accounts. The Philippines followed with 93,000, and Vietnam ranked third with almost 88,000. The lowest counts were recorded for China, Sri Lanka, and Singapore, with around 19,000, 11,000, and 4,000 leaked credentials respectively.

The Asia-Pacific region has solidified its position as the global hub of gaming, home to more than half of the world’s gamers. Key markets such as China, India, Japan, South Korea, and emerging Southeast Asian economies continue to drive this dominance, fuelled by rapid digital adoption, widespread mobile access, and a young, gaming-savvy population. With close to 1.8 billion players, APAC’s vast and influential gaming ecosystem has also become a prime target for data-stealing cyber threats.

“Cybercriminals often release stolen log files months — or even years — after the original compromise,” explains Polina Tretyak, a Digital Footprint Intelligence Analyst at Kaspersky. “Even credentials stolen years ago can resurface on dark web forums, contributing to a growing pool of leaked information. As a result, the number of compromised gaming accounts is likely much higher than what is immediately visible”.

She adds, “It’s important for people to understand that infostealer threats aren’t always instant or obvious. In case one suspects they have been attacked, running a security check and deleting a malware is a first recommended step. In general, regularly updating passwords an avoiding reuse across platforms can help reduce personal risk.”

How gaming threats may affect businesses – in APAC and beyond

Modern businesses may not consider themselves part of the gaming ecosystem, but they still can be in danger – for example, through employees registering on entertainment platforms using a corporate email address. Kaspersky Digital Footprint Intelligence study shows that 7% of Netflix, Roblox, and Discord users whose accounts were leaked registered there using a corporate email address.

The fact that employees may be using corporate emails to register for personal services, including games, introduces cybersecurity risks. Polina Tretyak noted that if the corporate email is exposed in an infostealer leak, it could potentially open the door to broader corporate threats. “For example, attackers may reach out to an employee and lure them into installing a malware on a corporate device or brute force the password. If the password uses predictable patterns — such as 'Word2025!', it may take just around an hour or less. Also, fraudsters may gain access to various non-corporate systems under employee accounts and retrieve some important data, as well as access the company’s resources”, elaborated Tretyak.

Infostealers are often disguised as cracked games, cheat software, or unofficial mods. They are used by threats actors looking to steal sensitive information of any kind. Their primary target is account passwords, crypto wallet credentials, credit card details, and browser cookies. Once exfiltrated, the stolen data is traded or offered for free on darknet platforms, and may be used by other cybercriminals for further attacks.

Aside from the harm infostealers can inflict, this malicious package is particularly dangerous in hybrid and bring-your-own-device (BYOD) environments common across APAC, where personal and work-related activities often coexist on the same device.

How to build defenses against infostealers

If you as an individual encounter a data leak through infostealers, the following steps should be taken immediately:

·       Firstly, run full security scans on all devices, removing any detected malware.

·       Second step is changing compromised account passwords.

·       It is also recommended to monitor for suspicious activity associated with the accounts affected by infostealers.

Companies are recommended to monitor dark web markets proactively to detect compromised accounts before they pose risks to customers or employees. A detailed guide on setting up monitoring can be found here. Leverage Kaspersky Digital Footprint Intelligence to track what cybercriminals know about your company’s assets, identify potential attack vectors, and implement protective measures in a timely manner.