In-game trading marketplace Traderie has alerted users to a data breach impacting their personal information, TechCrunch has learned.
Traderie, owned by U.S.-based company Akrew, is a website that allows users to trade and sell in-game items from titles including Roblox, Rocket League, Diablo and Elden Ring. In an email sent to affected users this week, seen by TechCrunch, the company said it experienced a recent “security incident” that allowed an unauthorized third-party to acquire “some data from your account.”
The incident also affected Akrew’s Nookazon website, which allows gamers to trade and sell in-game items from Animal Crossing: New Horizons.
In the email, Traderie didn’t say which user data had been accessed or how many individuals are impacted by the breach. The company’s privacy policy states that Traderie collects personally identifiable information including email addresses, Discord and Twitter usernames, and log data, such as IP addresses and browser information. Traderie also says it connects “millions” of video game players from all around the world.
The company hasn’t responded to TechCrunch’s questions.
A post on BreachForums — the notorious hacking forum that recently returned after it shut down in March — claims to have more details about the data breach.
In a post published in early August, a user called “victim” claimed to be selling the data stolen from Traderie for $5,000 in bitcoin.
The BreachForums user claims as many as 2.6 million Traderie users are impacted by the breach, and says compromised information includes email addresses, IP addresses and online identifiers for various services, including Discord, TikTok, Roblox, Xbox Live, Apple, Google and more. TechCrunch has seen a portion of the stolen data.
The post also claims that the stolen data includes some Stripe information, which Traderie uses for processing payments, including customer IDs and subscription statuses.
In the email sent to affected users — published on Traderie’s website on August 8 — the company notes that it does “not directly store your password and any financial information is handled by the payment platform Stripe.”
The BreachForums post claims that Traderie experienced another breach in 2022 affecting approximately 400,000 users, but allegedly paid to keep the breach from leaking and did not notify affected users of the incident.
Access our platform effortlessly on-the-go through our user-friendly mobile apps.
𝗦𝗲𝗺𝗮𝘀𝗼𝗰𝗶𝗮𝗹 𝗶𝘀 𝘄𝗵𝗲𝗿𝗲 𝗿𝗲𝗮𝗹 𝗽𝗲𝗼𝗽𝗹𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁, 𝗴𝗿𝗼𝘄, 𝗮𝗻𝗱 𝗯𝗲𝗹𝗼𝗻𝗴. We’re more than just a social platform — from jobs and blogs to events and daily chats, we bring people and ideas together in one simple, meaningful space.
