11 million game accounts stolen — and APAC is at the heart of it

If you play games online in Asia Pacific, there’s a chance your login is already in a cybercriminal’s shopping cart.

Kaspersky’s Digital Footprint Intelligence team says 11 million gaming accounts leaked in 2024 alone. Steam took the biggest hit, with 5.7 million accounts stolen via “infostealer” malware — malicious code often hidden inside cracked games, cheats, or shady mods. Another 6.2 million accounts from Epic Games Store, Battle.net, Ubisoft Connect, GOG, and EA also ended up exposed.

In APAC, the numbers sting: Thailand tops the list with 163,000 compromised Steam logins, followed by the Philippines (93,000) and Vietnam (88,000). At the low end, Singapore had 4,000. The region’s massive player base — 1.8 billion and counting — makes it a natural target for cyberthieves.

The trouble doesn’t stop at personal losses. Kaspersky found that 7% of leaked Netflix, Roblox, and Discord accounts were registered with corporate email addresses. That means a gaming breach could be the first step toward infiltrating a business network. A weak or predictable password like Word2025!? In a hacker’s hands, it could be cracked in under an hour.

Once stolen, credentials, credit card info, and even crypto wallet keys are sold or given away on dark web markets — often long after the initial infection. “Even years-old stolen data can come back to haunt you,” warns Kaspersky analyst Polina Tretyak.

Her advice: scan devices immediately if you suspect a breach, change passwords, and avoid reusing them. For companies, proactive dark web monitoring can catch leaks before they turn into full-blown incidents.

In short: your next big boss fight might not be in a dungeon — it could be against malware hiding in your game library.