In July this year, three top gaming sites – Roblox, Neopets and Bandai Namco – were hit by data breaches three weeks apart.
Roblox has 4 GB of player data stolen, data of up to 69 million players exposed in leak from Neopets and Bandai Namco, which publishes titles such as Ring of Elden, tekken and dark soulsconfirmed that a malicious actor had gained unauthorized access to the internal systems of several group companies.
Here, CS Center explores why gaming sites are such a target for hacks and data breaches.
Hackers target gamers for login credentials
The Electronic Sports League (ESL) electronic games company DreamHack reported that 55% of those who consider themselves frequent gamers said they had had an account compromised at some point.
Hackers can target gaming sites for the express purpose of gaining access to player accounts. Once hackers gain access to an account, they can then resell the account.
In 2018, teens of the popular game Fortnite were reported to be “cracking” other players’ accounts, resetting login credentials and reselling them, with prices ranging from as little as $0.30 to hundreds of dollars. dollars. A teenage hacker told the BBC he made £16,000 in the UK (US$18,933) in the seven months he ‘cracked’.
By targeting player accounts, hackers can make money relatively quickly and easily by accessing the login data of hundreds of accounts. The hackers then activate security procedures such as multi-factor authentication (MFA) which are supposed to protect the accounts, to lock out the owner. The account password can then be changed and the account sold.
Want to learn more about the cybersecurity community? Become a CS Hub member today!
Gaming sites have a wealth of data
Gambling sites often have large user bases, which means there are more potential victims for hackers to target. This large user base also means there is more sensitive information hackers can exploit, including names and addresses. This makes them vulnerable to attacks not only from cybercriminals looking to steal and sell accounts, but also to more malicious actors planning to steal credentials.
Microtransactions make games a target
With more games introducing in-game currency and microtransactions, more users have their payment methods linked to their accounts in addition to credentials. This makes gaming sites a prime target for hackers looking to steal and use this information.
Lecturer in criminology at the University of Surrey, Dr Michael McGuire, explained in a blog post that these currencies and purchases have “attracted hackers seeking to embezzle these payments”.
“Ways of exploiting gamers also include creating fake promotions and articles to trick users into buying and downloading malware,” McGuire wrote. “Additionally, hackers are reportedly looking to steal payment details from players who make these in-game purchases.”
McGuire also noted that “the proliferation of in-game purchases and micro-currencies has also provided a platform that criminals can manipulate to launder the spoils of past criminal activity.”
Security vulnerabilities make gaming sites a target
While gaming sites have a large amount of user data that needs to be protected, Oberon Copeland, founder and CEO of tech website Very Informed, notes that gaming sites are often “poorly defended,” meaning they are easy targets with a big payoff for hackers.
Copeland explains, “Hackers can exploit security vulnerabilities to gain access to user data or to disrupt site operations. In some cases, they may even be able to take control of the site’s servers.
This can either present an easy target for hackers looking to sell data or monetary information, or simply an exciting challenge for hackers just looking to see if they are capable of hacking a site.