Credit card thieves reportedly using Clash of Clans to launder money

July 18, 2018 | By Emma Kidwell

Credit card thieves are allegedly using the mobile games Clash of Clans, Clash Royale and Marvel Contest of Champions (developed by Supercell and Kabam, respectively) to launder hundreds and thousands of dollars. 

In the case of Clash of Clans and Clash Royale, players can spend real money for premium in-game currency like gold or gems. Players can take this premium currency and buy advantages, but the currency apparently also serves as an easy way to launder money. 

According to a report published by German cybersecurity firm Kromtech, the thieves used 20,000 stolen credit cards to make purchases in Clash of Clans, Clash Royale, and Marvel Contest of Champions, then resold the accounts holding those purchases on third-party marketplaces, receiving money in exchange with zero attachment to the stolen cards.

This laundering is possible because accounts can easily be created automatically on a large scale. For example, Apple only requires a valid e-mail address, password, date of birth, and three security questions to create an Apple ID.

E-mail accounts are easy to create. The thieves were reportedly able to automate the account creation process, allowing them to create accounts on a large scale, resulting in an automated money laundering tool for credit card thieves to use.

Kromtech’s investigation began with database-building software MongoDB. Poor configurations granted hackers access to data from tens of thousands of MongoDB databases. Kromtech became aware of these Clash of Clans thieves after analyzing samples from one database, which stored over a hundred thousand credit cards. 

"The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania," writes the report.

"We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves." 

Although there seem to be no immediate solutions, Kromtech urges developers and service providers to secure their account creation process from abuse by automated tools and to enforce their policies when it comes to tracking and pursuing thieves.
