Security researchers have discovered roughly 500,000 breached employee credentials related to popular video game companies. Researchers also uncovered a million compromised internal accounts for sale on the dark web. Threat intelligence firm Kela moved to investigate the top 25 publicly listed companies in the sector, soon finding a thriving market on both the supply and demand side. Kela claims that one million compromised accounts related to employee and customer-facing resources were listed for sale last year.

The compromised accounts for sale are linked to internal resources such as VPNs, Jira instances, FTPs, SSOs, and admin panels. Almost all of the top 25 gaming companies studied had accounts for sale on dark web markets, which could put firms at risk of data theft, corporate espionage, ransomware, and other harmful attacks. Kela claims to have tracked ransomware attacks on four gaming companies in recent months, potentially due to the trove of compromised accounts available online.

Read More: One Million Compromised Accounts Found at Top Gaming Firms