In-game trading marketplace Traderie has alerted users to a data breach impacting their personal information, TechCrunch has learned.
Traderie, owned by U.S.-based company Akrew, is a website that allows users to trade and sell in-game items from titles including Roblox, Rocket League, Diablo and Elden Ring. In an email sent to affected users this week, seen by TechCrunch, the company said it experienced a recent “security incident” that allowed an unauthorized third-party to acquire “some data from your account.”
The incident also affected Akrew’s Nookazon website, which allows gamers to trade and sell in-game items from Animal Crossing: New Horizons.
In the email, Traderie didn’t say which user data had been accessed or how many individuals are impacted by the breach. The company’s privacy policy states that Traderie collects personally identifiable information including email addresses, Discord and Twitter usernames, and log data, such as IP addresses and browser information. Traderie also says it connects “millions” of video game players from all around the world.
The company hasn’t responded to TechCrunch’s questions.
A post on BreachForums — the notorious hacking forum that recently returned after it shut down in March — claims to have more details about the data breach.
In a post published in early August, a user called “victim” claimed to be selling the data stolen from Traderie for $5,000 in bitcoin.
The BreachForums user claims as many as 2.6 million Traderie users are impacted by the breach, and says compromised information includes email addresses, IP addresses and online identifiers for various services, including Discord, TikTok, Roblox, Xbox Live, Apple, Google and more. TechCrunch has seen a portion of the stolen data.
The post also claims that the stolen data includes some Stripe information, which Traderie uses for processing payments, including customer IDs and subscription statuses.
In the email sent to affected users — published on Traderie’s website on August 8 — the company notes that it does “not directly store your password and any financial information is handled by the payment platform Stripe.”
The BreachForums post claims that Traderie experienced another breach in 2022 affecting approximately 400,000 users, but allegedly paid to keep the breach from leaking and did not notify affected users of the incident.
Access our platform effortlessly on-the-go through our user-friendly mobile apps.
๐ฆ๐ฒ๐บ๐ฎ๐๐ผ๐ฐ๐ถ๐ฎ๐น ๐ถ๐ ๐๐ต๐ฒ๐ฟ๐ฒ ๐ฟ๐ฒ๐ฎ๐น ๐ฝ๐ฒ๐ผ๐ฝ๐น๐ฒ ๐ฐ๐ผ๐ป๐ป๐ฒ๐ฐ๐, ๐ด๐ฟ๐ผ๐, ๐ฎ๐ป๐ฑ ๐ฏ๐ฒ๐น๐ผ๐ป๐ด. Weโre more than just a social platform โ from jobs and blogs to events and daily chats, we bring people and ideas together in one simple, meaningful space.
