Latest News
MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability


Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.
The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.
Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.
Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.
The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.
Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.
What is SQL Injection?
First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.
Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.
The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.
The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
How we found this vulnerability
Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.
What’s the impact of the vulnerability?
The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:
By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.
What to do if you’ve been affected?
If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.
However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.
Disclosure and lack of communication from BigMage Studios
Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.
We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.
Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.
Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.
Source: Latest News on European Gaming Media Network
This is a Syndicated News piece. Photo credits or photo sources can be found on the source article: MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Latest News
Invitation to Kambi’s third quarter 2025 result presentation
Reading Time: < 1 minute
Kambi Group plc’s result for the third quarter 2025 will be announced on Wednesday 5 November at 7.45 CEST. Kambi invites analysts, investors, and media to a presentation of the report at 10.00 CEST.
The presentation will be held in English by Kambi’s CEO Werner Becher and CFO David Kenyon and can be accessed using the links below. After the presentation there will be the opportunity to ask questions.
Webcast: If you wish to participate via webcast please use the link below. Via the webcast you are able to ask written questions. :edge.media-server.com/mmc/p/qrrugvox
Teleconference: If you wish to participate via teleconference please register on the link below. After registration you will be provided phone numbers and a conference ID to access the conference. You can ask questions verbally via the teleconference.: register-conf.media-server.com/register/BI543b2e9c60b54630b42e7bd0c0751f6e
The post Invitation to Kambi’s third quarter 2025 result presentation appeared first on European Gaming Industry News.
Latest News
National Platform Expands Its International Network of Partners: Memorandum Signed with IBIA
Reading Time: < 1 minute
The National Platform of Sports Integrity of Ukraine and the International Betting Integrity Association (IBIA) have signed a memorandum of understanding.
IBIA is the is the leading global voice on integrity for the regulated betting industry. It brings together more than 90 sports betting operators and over 200 brands across six continents. IBIA’s global monitoring network tracks over USD 300 billion in betting activity annually, detecting suspicious patterns in real time.
The organisation works closely with major international sports institutions such as FIFA, UEFA and the IOC, as well as with national gambling regulators worldwide.
The signing of the Memorandum opens new opportunities for the National Platform in identifying and countering sports competition manipulation, in particular:
- access to IBIA’s Monitoring and Alert Platform;
- the ability to receive alerts on suspicious betting patterns related to matches involving Ukrainian teams or athletes; and
- strengthened international cooperation on sports integrity.
The National Platform stated: “Cooperation with IBIA allows us to integrate into the global system for safeguarding sports integrity. For Ukraine, this represents a qualitatively new level of detection and prevention of competition manipulation. We gain access to advanced international response mechanisms and become part of the worldwide network fighting corruption in sport.”
Khalid Ali, CEO of IBIA stated: “IBIA is delighted to be able to reach this important agreement with the Ukraine National Platform for combating competition manipulation. The move maintains our approach of widening our global integrity collaborations and partnerships and aligns with our Mission 2030 strategic objectives.”
The post National Platform Expands Its International Network of Partners: Memorandum Signed with IBIA appeared first on European Gaming Industry News.
Latest News
Ygam achieve milestone of reaching 5 million young people
Reading Time: 2 minutes
Ygam has now surpassed the milestone of reaching an estimated five million children and young people across the UK through its portfolio of prevention programmes.
Founded in 2014, Ygam has now delivered its award-winning training and resources on gaming and gambling harms to over 32,000 delegates.
Ygam’s reach extends beyond the education sector, with training delivered to more than 5,500 professionals working across health and social care — including hospitals, health boards, GP surgeries, and community nursing settings. This work, aligned with a public health approach to preventing gambling harms, has directly contributed to the digital safeguarding of nearly half a million children and young people accessing health services.
With growing concerns from parents and carers about the role of gaming and gambling in the wider online safety conversation, Ygam has become a trusted and respected source of advice and guidance for families. The charity has delivered workshops to more than 4,500 parents and carers.
Ygam is a national charity with a footprint across every region of England, Wales, Scotland, and Northern Ireland, and a presence in 64 of the UK’s 76 cities.
Ygam’s work has also seen a significant increase in the longevity of its reach, with nearly 100,000 resource downloads of its award-winning resources, and at least 50% of educators implementing these materials into their lessons.
Helen Martin, Interim CEO of Ygam, said: “This milestone is more than just a number – it’s a reflection of the positive impact we’re making in every corner of the UK. We’re incredibly proud of the growing community that shares our passion for safeguarding children’s wellbeing in an increasingly complex digital world, where gaming and gambling are more accessible than ever. From schools to sports clubs, parents to practitioners, and colleges to community centres, we’re raising awareness through the powerful tool of education. As we mark this extraordinary achievement, the demand for our resources has never been greater. We remain committed to expanding our reach and deepening our impact, ensuring that every child has the knowledge and confidence to navigate the risks of gaming and gambling harms.”
But there’s so much more to do – help us reach the next 5 million…
The post Ygam achieve milestone of reaching 5 million young people appeared first on European Gaming Industry News.
-
Latest News3 months ago
Light & Wonder to Participate in the 2025 Australasian Gaming Expo
-
Latest News2 months ago
ReferOn Shortlisted for Acquisition & Retention Partner of the Year at SBC Lisbon 2025
-
Latest News3 months ago
Gavin Hamilton Joins Sports & Wellbeing Analytics as Chairman to Accelerate Global Expansion
-
Latest News2 months ago
Duels for Friends in Trophy Hunter. Invite your friends and create a shared space for fun and competition.
-
Latest News2 months ago
BC.GAME Launches “Nezha” Slot with Up to 46,656 Ways to Win and 10,000x Max Payout
-
Latest News3 months ago
Uzbekistan Introduces Penalties for Illegal Gambling Operations
-
Latest News4 weeks ago
Announcement: 25th September 2025
-
Latest News2 months ago
NODWIN Gaming Acquires Sony Interactive Entertainment’s Stake in Evo; Becomes Majority Holder
You must be logged in to post a comment Login