Cybersecurity company Kaspersky reported that the Philippines ranked second in Asia Pacific (APAC) for compromised gaming accounts in 2024, with around 93,000 leaked login-password pairs. Thailand had the highest number at nearly 163,000, while Vietnam followed closely with about 88,000.
The data came from the Kaspersky Digital Footprint Intelligence (DFI) team, which found that 11 million gaming account credentials were leaked globally last year. Of these, 5.7 million were Steam accounts, while 6.2 million came from other major gaming platforms such as Epic Games Store, Battle.net, Ubisoft Connect, GOG, and the EA app.
Kaspersky said the leaks were mostly caused by infostealer malware, a malicious program designed to steal sensitive data such as account passwords, crypto wallet credentials, credit card details, and browser cookies. These stolen details often end up traded or shared on dark web forums, sometimes months or even years after the initial attack.
“Cybercriminals often release stolen log files months, or even years, after the original compromise,” said Polina Tretyak, digital footprint intelligence analyst at Kaspersky. “Even credentials stolen years ago can resurface on dark web forums, contributing to a growing pool of leaked information. As a result, the number of compromised gaming accounts is likely much higher than what is immediately visible.”
While China, Sri Lanka, and Singapore recorded the lowest numbers in the region, with around 19,000, 11,000, and 4,000 compromised accounts respectively, Kaspersky warned that the APAC region remains the world’s largest gaming market. It is home to over half of the world’s 1.8 billion gamers, driven by widespread mobile use, high internet penetration, and strong interest in both casual and competitive gaming.
“In case one suspects they have been attacked, running a security check and deleting malware is the first recommended step,” Tretyak said. “In general, regularly updating passwords and avoiding reuse across platforms can help reduce personal risk,”
The report also found that 7% of leaked accounts on platforms like Netflix, Roblox, and Discord were registered using corporate email addresses, which can lead to additional risks for businesses. In hybrid or bring-your-own-device setups common in the region, the mixing of personal and work-related activities on the same device can make organizations more vulnerable to cyberattacks.
Infostealers are often hidden in cracked games, cheat programs, or unofficial game modifications, making awareness and caution essential for gamers and businesses alike.