The startling Kaspersky findings presented during the ‘Kaspersky Cyber Security Weekend in Da Nang, Vietnam, reveal that an alarmingly high number (5.7 million) of Steam accounts were compromised by infostealer malware in 2024
A new threat research from Kaspersky Digital Footprint Intelligence (DFI) team has brought to limelight an alarming case of gaming account credential leaks. The one-of-its-kind Kaspersky study reveals that as high as 11 million gaming account credentials were leaked in 2024 alone. Presented during the high-profile “Kaspersky Cyber Security Weekend” APAC security meet on 5th August, 2025 in Da Nang, Vietnam, the findings are clearly an eye-opener. They show that 5.7 million Steam accounts were compromised by infostealer malware in the previous year. This notorious malware was also responsible for the leakage of 6.2 million accounts related to other global gaming platforms, such as Epic Games Store, Battle.net, Ubisoft Connect, GOG, and EA app.
Kaspersky Digital Footprint Intelligence analyzed leaked Steam credentials associated with APAC countries, based on data from malware log files. Nearly 163,000 leaked credentials were associated with Thailand, followed by the Philippines with 93,000 compromised login-password pairs. Vietnam rounded out the top three with nearly 88,000. In contrast, the lowest numbers were observed for accounts associatedwith China, Sri Lanka, and Singapore, with approximately 19,000, 11,000, and 4,000 credentials, respectively.
The APAC region has firmly established itself as the global epicenter of gaming. According to a recent report, more than half of the world’s gamers are based here, with markets such as China, India, Japan, South Korea, and emerging Southeast Asian economies contributing to this dominance. The region’s rapid digital adoption, widespread mobile penetration, and youth-driven demand have fueled exponential growth across both casual and competitive gaming segments.
With close to 1.8 billion players and rising, the gaming ecosystem in APAC is not only the largest by volume but also among the most influential in shaping global gaming trends and behaviors. Thus, it does not come as a surprise that the region is fast-becoming a breeding ground for a data-stealingclass of cyber threats.
“Cybercriminals often release stolen log files months — or even years — after the original compromise,” explains Polina Tretyak, a Digital Footprint Intelligence Analyst at Kaspersky. “Even credentials stolen years ago can resurface on dark web forums, contributing to a growing pool of leaked information. As a result, the number of compromised gaming accounts is likely much higher than what is immediately visible”.
She adds, “It’s important for people to understand that infostealer threats aren’t always instant or obvious. In case one suspects they have been attacked, running a security check and deleting a malware is a first recommended step. In general, regularly updating passwords an avoiding reuse across platformscan help reduce personal risk”.
How gaming threats may affect businesses – in APAC and beyond
Modern businesses may not consider themselves part of the gaming ecosystem, but they still can be in danger – for example, through employees registering on entertainment platforms using a corporate email address.Kaspersky Digital Footprint Intelligence study shows that 7% of Netflix, Roblox, and Discord users whose accounts were leaked registeredthere using a corporate email address.
The fact that employees may be using corporate emails to register for personal services, including games, introduces cybersecurity risks. Polina Tretyak noted that if the corporate email is exposed in an infostealer leak, it could potentially open the door to broader corporate threats. “For example, attackers may reach out to an employee and lure them into installing a malware on a corporate device or brute force the password. If the password uses predictable patterns—such as ‘Word2025!’, it may take just around an hour or less. Also, fraudsters may gain access to various non-corporate systems under employee accounts and retrieve some important data, as well as access the company’s resources”, elaborated Tretyak.
Infostealers are often disguised as cracked games, cheat software, or unofficial mods. They are used by threats actors looking to steal sensitive information of any kind. Their primary target is account passwords, crypto wallet credentials, credit card details, and browser cookies. Once exfiltrated, the stolen data is traded or offered for free on darknet platforms, and may be used by other cybercriminals for further attacks.
Aside from the harm infostealers can inflict, this malicious package is particularly dangerous in hybrid and bring-your-own-device (BYOD) environments common across APAC, where personal and work-related activities often coexist on the same device.
How to build defenses against infostealers
If you as an individual encounter a data leak through infostealers, the following steps should be taken immediately:
- Firstly, run full security scans on all devices, removing any detected malware.
- Second step is changing compromised account passwords.
- It is also recommended to monitor for suspicious activity associated with the accounts affected by infostealers.
Companies should monitor dark web markets proactively to detect compromised accounts before they pose risks to customers or employees. Kaspersky Digital Footprint Intelligence enables them to track what cybercriminals know about their company’s assets, identify potential attack vectors, and implement protective measures in a timely manner.
