Traderie, an in-game trading marketplace, has informed its users about a recent data breach

0
515

Traderie, an in-game trading marketplace, has informed its users about a recent data breach that has compromised their personal information. The marketplace, owned by U.S.-based company Akrew, allows users to trade and sell in-game items from various popular titles. In addition to Traderie, the data breach has also affected Akrew’s Nookazon website, which enables gamers to trade and sell in-game items from Animal Crossing: New Horizons.

While Traderie has alerted affected users about the security incident, the company has not disclosed specific details about what user data was accessed or the exact number of individuals impacted by the breach. Traderie’s privacy policy indicates that the platform collects personally identifiable information, including email addresses, Discord and Twitter usernames, and log data such as IP addresses and browser information. The company claims to connect millions of video game players worldwide.

Notably, a post on the hacking forum BreachForums, which recently resurfaced after a shutdown in March, claims to possess more information about the data breach. In a post from early August, a user offered to sell data stolen from Traderie for $5,000 in Bitcoin. According to this user, as many as 2.6 million Traderie users may have been affected, with compromised information including email addresses, IP addresses, and online identifiers for various services like Discord, TikTok, Roblox, Xbox Live, Apple, Google, and more. The stolen data is also said to include some Stripe information, used by Traderie for payment processing, including customer IDs and subscription statuses.

Traderie, in its email to affected users, emphasized that it does not directly store user passwords and that any financial information is handled by the payment platform Stripe. The BreachForums post also alleges that Traderie experienced another breach in 2022 affecting about 400,000 users but did not inform the affected users and allegedly paid to prevent the breach from being disclosed.