Symantec, the massive software company best known for their Norton Antivirus and security programs has recently uncovered a server hosting credentials for over 44 million stolen gaming accounts, with at least 18 gaming websites in its database. This raises many questions, like how such a massive number of accounts were stolen, and what anyone would do with them.
Symantec speculates that the accounts were stolen using malware with info-stealing abilities, and gives one such example. What is interesting is not so much the number of accounts, but how the accounts were being validated. The credentials were being verified by a Trojan, which was distributed to multiple computers. After all, 44 million accounts is an astronomical amount of information to sort through. The Trojan was distributed to several compromised computers to both help lessen the workload and to minimize repeated login failures.
So, what exactly does one do with millions of stolen gaming accounts? Well, it may surprise you to know that some websites actually make a business of buying and selling gaming accounts. Symantec provides a handy chart to break down how many of a particular game account were found on the database, and the value range of the gaming account. Of course, the value of an account varies greatly by what that account actually possesses: in other words, a high level characters with rare and powerful equipment is much more valuable than a low level account with low-level gear. World of Warcraft accounts range in value from $35 to $28,000, according to playerauctions.com, and Aion accounts can range from $150 to $1420.
Score one for Symantec for discovering this operation, as the server hosts a veritable gold mine if the thieves had found the right buyer.