Steam, Origin and others fall victim to data leaks.
25 July 2021 | BREACHAWARE HQ
A total of 17 breach events were found and analysed, resulting in 16,240,307 exposed accounts containing a total of 5 different types of personal data. The breaches found publicly and freely available included Steam, Origin, Spotify, Netflix, Hub, PayPal, LoL (Anonymous), Gaming, Shop, Music (Anonymous), Hitfinex, Candy ICO Monitoring (Anonymous) and Local Bitcoins.
Categories of Personal Data Discovered
Contact Data, Locational Data, Social Relationships Data, Technical Data.
Data Breach Analysis
This breach set touches on several high-risk categories of digital service (streaming, gaming, cryptocurrency and e-commerce), each of which carries its own implications for user privacy and potential exploitation.

Steam, Origin, Spotify and Netflix are among the most widely used platforms globally. Breaches from these services typically include usernames, email addresses and password hashes, but the risk extends beyond access to the breached account itself. These platforms are commonly protected by reused or weak passwords, so once a set of login details is exposed it is frequently replayed against other sites in credential stuffing attacks: the attacker takes an email and password pair leaked from one service and tries the same pair, once per account, across many others. For streaming services, the compromised accounts are also resold or traded on illicit marketplaces, creating a commercial incentive behind the breaches.
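Credential stuffing leaves a distinctive trace in a service's own authentication logs: one source tries many different usernames, each once or twice, rather than hammering a single account. The script below is an added example and is not part of the original BreachAware post; the log format, field names, thresholds and the sample log lines are constructed for illustration. It parses the constructed lines, flags sources whose login attempts fit the stuffing pattern, and lists the accounts that were successfully logged into during the spray, which are the ones to force a password reset on.

```python
"""Flag credential-stuffing patterns in authentication logs.

Added example, not code from the original post. The log format
(ts src= user= result=), the thresholds and the sample lines are
assumptions chosen for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: 203.0.113.7 replays a leaked combo list across ten
# accounts, one attempt each, and lands one success (dave). 198.51.100.9
# is an ordinary user mistyping their own password, then getting it right.
SAMPLE_LOG = """\
2021-07-24T10:00:01Z src=203.0.113.7 user=alice@example.com result=FAIL
2021-07-24T10:00:02Z src=203.0.113.7 user=bob@example.com result=FAIL
2021-07-24T10:00:02Z src=203.0.113.7 user=carol@example.com result=FAIL
2021-07-24T10:00:03Z src=203.0.113.7 user=dave@example.com result=OK
2021-07-24T10:00:03Z src=203.0.113.7 user=erin@example.com result=FAIL
2021-07-24T10:00:04Z src=203.0.113.7 user=frank@example.com result=FAIL
2021-07-24T10:00:04Z src=203.0.113.7 user=grace@example.com result=FAIL
2021-07-24T10:00:05Z src=203.0.113.7 user=heidi@example.com result=FAIL
2021-07-24T10:00:05Z src=203.0.113.7 user=ivan@example.com result=FAIL
2021-07-24T10:00:06Z src=203.0.113.7 user=judy@example.com result=FAIL
2021-07-24T10:01:00Z src=198.51.100.9 user=mallory@example.com result=FAIL
2021-07-24T10:01:20Z src=198.51.100.9 user=mallory@example.com result=FAIL
2021-07-24T10:01:45Z src=198.51.100.9 user=mallory@example.com result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Return a list of (timestamp, source, user, success) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"] == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=8, max_per_user=2):
    """Map each suspicious source to the accounts it logged into successfully.

    A source is flagged when, within `window`, it tried at least `min_users`
    distinct accounts and no single account more than `max_per_user` times.
    One user failing repeatedly (brute force or a typo) is deliberately not
    flagged: that is a different pattern with a different response.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        compromised = set()
        flagged = False
        for end in range(len(evs)):
            # slide the window start forward until it fits within `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            window_evs = evs[start:end + 1]
            per_user = Counter(e[2] for e in window_evs)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged = True
                compromised.update(e[2] for e in window_evs if e[3])
        if flagged:
            findings[src] = sorted(compromised)
    return findings


if __name__ == "__main__":
    for src, accounts in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: credential stuffing; force reset on {accounts or 'no accounts'}")
```

The thresholds are a starting point, not a rule: on a large consumer site a shared NAT or corporate proxy can legitimately present many distinct users from one address, so in production the same logic is usually combined with per-source rates over a longer window and with device or geolocation signals before it blocks anything.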
PayPal being included here raises the stakes substantially. As a financial platform, PayPal stores not only personally identifiable information but also links to users' bank accounts or credit cards. Even in cases where passwords are not exposed, phishing and social engineering risks increase when a user's association with PayPal is known.
Local Bitcoins, another financial platform, facilitates peer-to-peer cryptocurrency transactions. Given the semi-anonymous nature of cryptocurrencies, attackers may attempt to link public wallet data with real-world identities through these breaches.
The appearance of multiple entries labelled as Anonymous (e.g., LoL, Gaming, Shop, Music, Candy ICO Monitoring) indicates that the exact origin of these datasets is unclear. Such breaches still present risk, especially when the data matches real user credentials. The use of service tags like “Gaming” or “Music” implies activity-based categorisation, perhaps from forums, third-party clients, or aggregate leaks combining smaller breaches. These anonymous sources highlight the difficulty of attribution and remediation when breached data lacks a clearly identifiable origin: there is no vendor to notify, and affected users cannot be told which of their accounts to reset.
Hitfinex appears to be a variation of Bitfinex, a known cryptocurrency exchange. If this dataset relates to crypto users, even partial data such as login emails or password hashes may be used in attempts to phish users or compromise wallets elsewhere.
With only 5 different types of personal data reported in this breach set, the scope of exposed information is narrower than in some other breach sets. Despite the limited data variety, the presence of multiple financial and entertainment services still places users at significant risk. Even minimal information can be leveraged in social engineering, phishing campaigns, account takeovers, or black-market trading. For example, an attacker holding a Netflix email and password combination might attempt to use the same pair against that user's PayPal or cryptocurrency exchange account, and will succeed wherever the password was reused and multi-factor authentication is not enabled.
In this set, the juxtaposition of high-trust platforms like PayPal and Local Bitcoins with pseudonymous or anonymous datasets indicates the layered and opportunistic nature of modern breaches. Users affected by this type of breach may not even be aware of the extent of their exposure if the platforms involved have not issued public notices.
The ongoing trend of cross-sector exposure (gaming, crypto, streaming, e-commerce) remains consistent. The attackers and leak distributors appear to be collecting and publishing diverse datasets that, when combined, offer fuller profiles for abuse or monetisation. The best course of action for users remains to use a unique password for each service, enable two-factor authentication wherever possible, and monitor financial and email accounts for suspicious activity.