Symantec Finds Server Containing 44 Million Stolen Gaming Credentials

A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts. It goes on to explain how the owners of the server made use of a botnet to process that mountain of data: "Now it's time to turn those gaming credentials into hard cash. But how do you find out which credentials are valid and thus worth some money? Three options come to mind: 1) Log on to gaming websites 44 million times! 2) Write a program to log in to the websites and check for you (this would take months). 3) Write a program that checks the login details and then distribute the program to multiple computers. Option one naturally seems next to impossible. Option two is also not very feasible, since websites typically block IP addresses after multiple failed login attempts. By taking advantage of the distributed processing that the third option offers, you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done."

Re:I must be new here

[Monkeedude1212]

Don't tell me that people buy stolen creds and log into them just to take all their e-loot (worth thousands of e-dollars)? Oh for the love of humanity the things people will do in the name of wasting time.

No, this is often the people who STOLE the creds, log in, and sell the E-loot for REAL money. If you've never played WoW, Eve, or Runescape for more than a Month, I wouldn't expect you to understand. But this is a problem that does occur regularly.

Re:And if I did this...

[BForrester]

RTFA. This is not a case of Symantec hammering through random servers looking for bogeymen.

The very first sentence of the article states that the server was flagged from a new set of sample data submitted to Symantec. This is likely user data aggregated from Norton's threat detection network.