A data breach of two popular gaming forums has exposed the account details of 2.5 million users, potentially opening up their other online accounts to attack by hackers.
The Xbox 360 and PSP ISOs, which host game download files, were hacked in September 2015. That’s according to security expert Troy Hunt’s Have I Been Pwned? website, which tracks data breaches.
Even if users didn’t have financial details stored on the sites, the information could be used to break into other sites if users have the same password for different accounts.
“Often people using seemingly low-security websites don’t enforce good password security because it’s not a financial target,” said Mark James, IT security specialist at ESET, “But all data has a value and will be reused for other purposes. Every website should be treated as unique and require different passwords with a mix of usernames if possible.”
“Breach after breach has shown that using the same username and password for multiple sites is a bad idea,” said security expert Jonathan Sander of Lieberman Software. “If the Xbox and PSP crew haven’t learned that they can’t use the same email and password on every service by now, then likely it is game over for their personal data.”