If you’re a gamer of any kind, you should be worried about your security.
Nowadays, a lot of information is stored on game launchers, in-game, and on your consoles and televisions: passwords, login information, and sometimes third-party payment software such as PayPal, or even your debit card information.
But your console or computer seems secure, right? Wrong! There’s so much that could go awry. Consider data from Akamai, an internet delivery and cloud service company that records and tracks cybersecurity issues, especially in the gaming industry.
Akamai’s report shows that the gaming industry is extremely vulnerable to cybersecurity attacks and that these attacks are happening more and more. Akamai’s report focuses on credential stuffing attacks, and in 2018 they recorded around 30 billion attacks. They reported that most of these attacks were performed by botnets or all-in-one applications.
What are Botnets?
According to Akamai, botnets are groups of computers that are tasked with a variety of commands. They run these commands automatically, and this can lead to a variety of attacks. Their primary function is to find accounts that are vulnerable to being accessed by an outsider.
These sorts of attacks are called “ATOs”, or account takeover attacks. These attacks occur when someone gains access to your accounts, either one or multiple. They can buy things with your information or sell it. ATOs are often hard to detect and lead to invalid transactions.
Botnets can also cause streamers, typically gamers, to lose their accounts. It’s not as simple as “starting over;” people who put enough work into streaming video games can make a living doing what they love.
But it’s not just botnets weakening the security of the gaming industry. Did you know that part of what makes the industry so weak is their authentication methods?
Authentication Methods, Consumer Demand, and Financial Risk
Most game companies use something called “low-friction authentication measures” because stronger authentication measures take longer, and that can make users unlikely to play the game if it has long load times. This leads to a loss of profit for the video game companies; nobody wants to buy a game with long load times, after all.
The customer’s perspective doesn’t just affect the video game companies, though. Many people view gaming as a low-risk financially. But it isn’t for everyone, as people do make their living by gaming and streaming their games. But this “low financial risk” means that people use passwords that are not secure.
This doesn’t even consider the fact that consumer demand for games is so high, especially new games in a series, causing developers to put games out before they’re secure. This means cybercriminals can exploit existing bugs and security issues.
A lot of games do some of the hackers’ work for them. Do you play a game that displays a username as soon as you see someone in-game? That username is just part of the equation; it’s only half of what a hacker needs to access your account. So make sure you have a strong password and do not reuse your passwords!
All of those things come together to create the perfect industry for hackers to exploit. Especially when you consider that a lot of massively multiplayer online games (or MMOs) now have micro-transactions in-game.
What Do Hackers Gain?
Well, when a hacker targets video games and the players of these games, they’re going after a few things. In-game economies are so large now and are the predecessors of cryptocurrency. This in-game currency has very little value in the real world, but in-game? It’s everything. Especially if you have a lot of in-game currency on one account.
How old the game is does not play a factor as to whether or not a hacker will target it. Any account that has a lot of in-game currency or rare items can get a good sum of money in the real-world. But this issue isn’t just for in-game currency, it also applies to the games!
A lot of games are published, sold, and authenticated online on places like Steam, GOG Galaxy, Origin, and more. This means you manage most of your games with a single account, and people who are long-time users of one game store over the other may have libraries with hundreds of games.
And most recently, Steam has allowed players to earn points to spend on virtual items such as stickers, wallpapers, and cosmetics. So hackers stand to gain a lot if they get their hands on the right account, the right login information.
Types of Cybersecurity Issues
Cybersecurity issues are something that everyone experiences, whether they’re a gamer, but gamers have unique circumstances and risk factors. These cybersecurity issues can be lessened by using antivirus software. However, not all software is equal, be sure to research the software you’re using.
- Phishing
- Malware
- In-game security flaws
- Weak authentication
Phishing
Phishing is most commonly known as spam emails with malicious links. However, phishing has evolved into the world of social media and games. A gamer may search for cheat codes, and when they open a site, their computer is infected with a virus that’s stealing login information. A gamer who streams via Twitch may see a link sent out in his chat, that’s infecting his followers’ computers as they open it. Any chatting program can be adapted to send and receive phishing links and messages.
Malware
Malware vectors often go hand-in-hand with phishing methods. A Twitch chat can be used to send fake links to login pages, and it can be used to send malware to someone. Many players may be convinced to download malicious software that promises them hacks, cheats, or advantages over other players.
Security Flaws in Games
There are so many ways for hackers to get information from the players themselves, those game companies are not absolved of doing their part in protecting their players. Companies should provide secure infrastructure and applications for their players.
Weak Authentication
Weak authentication is caused by reusing your password. There are so many things that require passwords, especially gaming platforms, that it’s tempting to use the same password for everything. However, this means if a hacker gets one account, they’ll probably get them all.
But once you’ve learned about the various ways gamers get attacked by malicious actors, you can begin to fight the attacks. One such way that authentication can be strengthened is to set up two-factor verification.
How to Stay Safe While Gaming Online
Protecting your information in the gaming industry is even more important nowadays because a large demographic of gamers are children under the age of 18. Children are more likely to fall for various scams that will end up getting their information and accounts stolen.
Some tips for protecting the accounts of gamers of all ages are:
- Understand the dangers of playing a video game, online or otherwise. Be aware that there may be predators playing in the games with you, cyberbullying is prevalent, online scams, and of course, inappropriate content.
- Protect your personal information! Never give your username, password, or any information about yourself out. Especially if you’re playing an open-world online game. You don’t know who’s listening or watching.
- Secure your accounts and your devices. You need to change your passwords regularly, never use passwords that can be easily guessed such as passwords with birthdates, names, or common passwords. And NEVER use the same password for every account.
- Be careful with communication. Who are you talking to? How are you talking to them? Do you know it’s really the person you think it is?
But it isn’t just the consumers’ responsibility to protect themselves. How is the gaming industry trying to protect its players?
What is Being Done to Improve Security?
Because the gaming industry is such a massive industry, a lot of change is happening. Hopefully, the industry will continue to grow as hackers grow, so they can safely and efficiently secure people’s accounts and information.
Game marketplaces such as Steam and EpicGames are implementing things such as two-factor verification. This verification means that users must confirm their identity before logging into the account. Typically, a pin is sent to their email or phone number.
This is just one step of many that are being taken to ensure gamers are protected. Security information and event management (or SIEM) tools are other things that game creators can provide built into their games. this tool allows real-time visibility of in-game security, event logs, and much more. It even automatically notifies the system admin of events that are happening, such as an in-game bug that’s being exploited or a hacker getting information.
