Cybercriminals sold more than 1.2 million user records of the online game "Stalker Online" on a hacker forum.

CyberNews, the ethical hacking group that discovered the data breach, said hackers had access to players' personal data and sold it to the highest bidder.

Researchers found that two databases hosted on Shoppy.gg contained personal information such as usernames, passwords, e-mail addresses, phone numbers, and IP addresses for popular MMO games.

One of the databases contains more than 1.2 million user records and the other more than 136,000 user records, which are believed to have been sold individually on the black market for "several hundred euros worth of bitcoins."

Stalker Online, created by Australian studio BigWorld, is a free post-apocalyptic online game with a large user base in Russia and Eastern Europe. The game can be played in English and Russian.

CyberNews explains that the data breach exposed the game's lax security and that these records could be used to:

The organization claims that last month, while scanning the hacker community, it broke into the game discovered posts from hackers claiming to have broken into the game.

"We regularly visit darknet marketplaces and hacker communities to prevent cybercriminals from taking advantage of large-scale data breaches.

"In May, we noticed that a hacker posted a link to a page on the Stalker Online website that proved they had "personally hacked" and placed a "tag" on the server.

Researchers are not certain whether anyone actually purchased the records, but the fact that the storefront was up and running for almost a month suggests that a copy of the database containing 1.2 million user records may have been sold to multiple buyers on the black market, according to the He states.

Since discovering the breach, CyberNews has alerted the appropriate parties.

The researcher stated: "Per CyberNews guidelines, we immediately notified the developer and its parent company, Wargaming.net, about the leak and followed up several times, but received no response.

"We contacted shoppy.gg with a request to remove the digital storefront and were able to remove the database the same day."

Researchers urge Stalker Online users, especially those who use the same password for other online services, to change their passwords immediately.

"Using a unique password for each service you sign up for will help prevent credential-stuffing attacks in which an attacker can reuse your password to compromise multiple accounts.