Hackers steal data from millions of XBox and PlayStation gamers

hacker using laptop. lots of...
hacker using laptop. lots of...

The personal details of as many as 2.5 million people may have been stolen following a massive hack of two popular gaming forums.

The 'XBOX360 ISO' and 'PSP ISO' forums, where Xbox and Playstation gamers shared free games downloads, were reportedly hacked in 2015. However, the breach has only just come to light, after being unearthed by Australian security researcher Troy Hunt.

The sites aren't officially affiliated with Sony or Microsoft.

Are you using an easily-guessed password?

While it may be a case of locking the stable door after the horse has bolted, gamers who have used the sites are being warned to change their passwords - particularly any that they may have used on other sites as well.

"Data breaches are often sold via dark websites or within closed trading circles,' Hunt tells the Daily Mail.

"The prevalence of password reuse means that a relatively benign site can hold credentials that unlock far more valuable resources, for example, email or social media accounts."

Groupon customers say their bank accounts are being emptied

According to Hunt's HaveIBeenPwned website, around 1.3 million account details have been taken from the PSP ISO forum and 1.2 million from the Xbox360 ISO site.

Anybody that's worried that they may have been a victim can enter their email address into HaveIBeenPwned's online tool, here.

The hack is yet another reminder of the importance of what security experts call good password hygiene.

A report late last year from encryption firm WinMagic revealed that as many as one in four British workers regularly use the same passwords for work and personal accounts.

It means that if hackers access one site - maybe one which has no financial details on its users - they may be able to use the same login details to get at far more important data held elsewhere.

Six million have been victims of financial fraud

This technique is believed to have helped fraudsters access the details of tens of thousands of Camelot lottery customers in December.

If having a different password for each site seems a bit daunting, take heart: there are ways of making it easier to manage. The simplest is probably to use a password management service, such as Dashlane, LastPass or Keeper.