In July of this year, three prominent gaming sites – Roblox, Neopets, and Bandai Namco – suffered data breaches within three weeks of each other.
Roblox had 4 GB of player data stolen, the data of up to 69 million players was exposed in the leak from Neopets and Bandai Namco, which publishes titles such as elden ring, Tekken Y Dark soulsconfirmed that a criminal had gained unauthorized access to the internal systems of several group companies.
Here, CS Center explore why gaming sites are such a big target for hackers and data breaches.
Hackers target players for login credentials
Electronic Sports League (ESL) game company DreamHack reported that 55 percent of those who consider themselves frequent gamers said they had had an account compromised at some point.
Hackers can target gaming sites for the express purpose of gaining access to player accounts. Once hackers have gained access to an account, they can sell it.
In 2018, it was reported that teenagers in the popular game Fortnite they were ‘cracking’ other players’ accounts, resetting the login information and selling them, with prices ranging from as little as US$0.30 to hundreds of dollars. One teenage hacker told the BBC they had made £16,000 (US$18,933) in the seven months they had been “cracking”.
By targeting player accounts, hackers can make money relatively quickly and easily, by accessing the login details of hundreds of accounts. Hackers then enable security procedures like multi-factor authentication (MFA) that are supposed to keep accounts safe, to lock out the owner. The account password can then be changed and the account sold.
Interested in learning more from the cybersecurity community? Become a CS Hub member today!
Gaming sites have a huge amount of data.
Gaming sites often have large user bases, which means there are more potential victims for hackers to target. This large user base also means there is a larger pool of sensitive information for hackers to mine, including names and addresses. This makes them vulnerable to attacks not only from cybercriminals looking to steal and sell accounts, but also from more malicious actors planning to steal identifying information.
Microtransactions make gaming a goal
With more games introducing in-game currency and microtransactions, more users have their payment methods linked to their accounts in addition to identifying information. This makes gaming sites a good target for hackers looking to steal ads to use this information.
Senior Lecturer in Criminology at the University of Surrey, Dr. Michael McGuire, explained in a blog post that these coins and purchases have “attracted hackers looking to hijack these payments.”
“Routes to exploit players also include creating fake promotions and items to trick users into purchasing and downloading malware,” McGuire wrote. “Furthermore, hackers would seek to steal the payment details of players who make these in-game purchases.”
McGuire also noted that “the proliferation of in-game purchases and micro-currencies has also provided a platform that criminals can manipulate to launder the spoils of previous criminal activity.”
Security flaws make gaming sites a target
While gaming sites have a lot of user data that needs to be protected, Oberon Copeland, founder and CEO of the technology website Very Informed, points out that gaming sites are often “poorly defended,” meaning which are easy targets with a big payoff for hackers.
Copeland explains: “Hackers can exploit security flaws to gain access to user data or disrupt site operations. In some cases, they can even take control of the site’s servers.”
This can present an easy target for hackers looking to sell data or monetary information, or it can just present an exciting challenge for hackers just looking to see if they can hack a site.
Why do you think gaming sites are a popular target for hackers? let us know in the comments.