Da Nang, Vietnam: India has emerged as one of the hardest-hit countries in the Asia-Pacific (APAC) region for Steam account compromises, with 84,262 breached accounts in 2024, according to cybersecurity firm Kaspersky’s Digital Footprint Intelligence (DFI) report. The data, presented at Kaspersky’s Cyber Security Weekend in Da Nang, Vietnam, underscores the scale of cyber threats targeting the rapidly growing gaming community in the country.
Globally, 5.7 million Steam accounts were compromised in 2024, driven largely by infostealer malware — malicious software often disguised as cracked games, cheat tools, or unofficial mods. The Steam breach forms part of a broader 11 million gaming account credentials leaked last year, which also included accounts from Epic Games Store, Battle.net, Ubisoft Connect, GOG, and EA app.
India in the Regional Context
India ranked fourth in APAC for the number of compromised Steam accounts, following Thailand (162,892), the Philippines (93,273), and Vietnam (87,969). The country’s large and fast-growing gaming base, bolstered by mobile penetration and increasing PC gaming adoption, has made it an attractive target for cybercriminals. Indonesia (69,909) rounded out the top five.
Summary – Compromised Steam Accounts in APAC, 2024
Kaspersky DFI’s data shows significant Steam account compromises across APAC in 2024. Thailand recorded the highest number at 162,892 breaches, followed by the Philippines (93,273), Vietnam (87,969), and India (84,262). Indonesia (69,909) also reported substantial figures.
Mid-tier numbers were seen in Malaysia (37,718) and South Korea (37,097), while China (18,786), Sri Lanka (10,877), and Singapore (4,262) recorded comparatively fewer breaches.
The report highlights how densely populated and digitally active gaming markets in APAC, including India, are becoming prime hunting grounds for cybercriminals deploying infostealer malware.
Risks Beyond Gaming
Polina Tretyak, Digital Footprint Intelligence Analyst at Kaspersky, warned that the threat extends well beyond gaming: “Even credentials stolen years ago can resurface on dark web forums. The actual number of compromised accounts is likely much higher than what’s immediately visible.”
She added that using corporate email addresses for personal gaming accounts can pose additional cybersecurity risks, potentially opening the door for attacks on company systems.
Protective Measures
Kaspersky advises individuals to:
-
Run full security scans to remove malware.
-
Change compromised passwords immediately.
-
Monitor accounts for suspicious activity.
For businesses, proactive dark web monitoring and leveraging threat intelligence tools like Kaspersky’s DFI can help detect and mitigate threats before they escalate.
With India’s gaming market continuing to expand and its player base surging, cybersecurity experts caution that vigilance and better digital hygiene are essential to protecting both personal and corporate digital assets.
