In July of this year, three prominent gaming sites – Roblox, Neopets and Bandai Namco – were hit by data breaches within three weeks of each other.
Roblox had 4GB of player data stolen, the data of up 69 million players was exposed in the Neopets leak and Bandai Namco, which publishes titles such as Elden Ring, Tekken and Dark Souls, confirmed that a bad actor had gained unauthorized access to several of the company's internal systems.
Here, Cyber Security Hub explores why gaming sites are such a target for hacks and data breaches.
Hackers target gamers to gain login credentials
Electronic Sports League (ESL) gaming company DreamHack reported that 55 percent of those who consider themselves to be frequent gamers said they had had an account compromised at some point.
Hackers may target gaming sites with the express purpose of gaining access to player's accounts. Once hackers have gained access to an account, they can then sell the account on.
In 2018, it was reported that teenagers within popular game Fortnite were ‘cracking’ other players’ accounts, resetting the login information and selling them on, with prices ranging from as little as US$0.30 to hundreds of dollars. One teenage hacker told the BBC that they had made UK£16,000 (US$18,933) in the seven months that they had been “cracking”.
By targeting player accounts, hackers are able to make money relatively quickly and easily, by accessing the login data for hundreds of accounts. The hackers then enable security procedures like multi-factor authentication (MFA) that are supposed to keep accounts safe, to lock the owner out. The password to the account can then be changed and the account sold.
Interested in gaining more insight from the cyber security community? Become a member of CS Hub today!
Gaming sites have a wealth of data
Gaming sites often have large user bases meaning there are more potential victims for hackers to target. This large user base also means there is a larger pool of sensitive information for hackers to exploit, including names and addresses. This makes them vulnerable to attacks from not just cybercriminals looking to steal and sell accounts but from more malicious actors who are planning to steal identifying information.
Microtransactions make games a target
With more games introducing in-game currency and microtransactions, more users have their payment methods linked to their accounts in addition to identifying information. This makes gaming sites a rich target for hackers who are looking to steal and use this information.
Senior lecturer in Criminology at Surrey University, Dr Michael McGuire, explained in a blog post that these currencies and purchases have “attracted hackers seeking to hijack these payments”.
"Routes to exploit players also include creating fake promotions and items to trick users into buying and downloading malware," wrote McGuire. "Additionally, hackers would be looking to steal payment details from players who make these in-game purchases."
McGuire also noted “the proliferation of in-game purchases and micro-currencies has also provided a platform that criminals can manipulate to launder the spoils of previous criminal activities”.
Security flaws make gaming sites easier to hack
While gaming sites have a large amount of user data that needs to be protected, Oberon Copeland, founder and CEO of technology website Very Informed, notes that gaming sites are frequently “poorly defended” meaning they are easy targets with a large payoff for hackers.
Copeland explains: “Hackers can exploit security flaws to gain access to user data or to disrupt the site's operations. In some cases, they may even be able to take control of the site's servers.”
This may present either an easy target to hackers who are looking to sell data or monetary information, or may just pose an exciting challenge to hackers who are simply looking to see if they are able to hack into a site.