In-game trading marketplace Traderie has alerted users to a data breach impacting their personal information, TechCrunch has learned.
Traderie, owned by U.S.-based company Akrew, is a website that allows users to trade and sell in-game items from titles including Roblox, Rocket League, Diablo and Elden Ring. In an email sent to affected users this week, seen by TechCrunch, the company said it experienced a recent “security incident” that allowed an unauthorized third-party to acquire “some data from your account.”
The incident also affected Akrew’s Nookazon website, which allows gamers to trade and sell in-game items from Animal Crossing: New Horizons.
In the email, Traderie didn’t say which user data had been accessed or how many individuals are impacted by the breach. The company’s privacy policy states that Traderie collects personally identifiable information including email addresses, Discord and Twitter usernames, and log data, such as IP addresses and browser information. Traderie also says it connects “millions” of video game players from all around the world.
The company hasn’t responded to TechCrunch’s questions.
A post on BreachForums — the notorious hacking forum that recently returned after it shut down in March — claims to have more details about the data breach.
In a post published in early August, a user called “victim” claimed to be selling the data stolen from Traderie for $5,000 in bitcoin.
The BreachForums user claims as many as 2.6 million Traderie users are impacted by the breach, and says compromised information includes email addresses, IP addresses and online identifiers for various services, including Discord, TikTok, Roblox, Xbox Live, Apple, Google and more. TechCrunch has seen a portion of the stolen data.
The post also claims that the stolen data includes some Stripe information, which Traderie uses for processing payments, including customer IDs and subscription statuses.
In the email sent to affected users — published on Traderie’s website on August 8 — the company notes that it does “not directly store your password and any financial information is handled by the payment platform Stripe.”
The BreachForums post claims that Traderie experienced another breach in 2022 affecting approximately 400,000 users, but allegedly paid to keep the breach from leaking and did not notify affected users of the incident.
Read more on TechCrunch: