Gaming platforms usually fall quite low on the totem pole of considerations when people think of accounts they need to protect. Which is a shame, because it’s created the perfect opportunity for hackers to swoop in and take over.
Akamai recently released its state of the internet report, and it had some troubling conclusions. Credential stuffing attacks are becoming a massive problem worldwide. And they are especially dangerous to gaming websites and stores.
Akamai’s report revealed that over 12 billion stuffing attacks were game websites in the past two years. Not only is this data worrying, but it seems that game websites themselves are big targets for data breaches too. Two recent attacks include 170m passwords stolen from Words With Friends company Zynga and around 800,000 account details taken from RuneScape bot provider EpicBot.
The gaming community must not gloss these concerns over. Gamers have their part to play in all this. They can avoid disasters if appropriate safeguards are in place.
What is Credential Stuffing?
Credential stuffing attacks are what happen after successful data breaches have occurred:
- Attackers use bots that take these stolen credentials.
- They test these credentials on various websites to gain access to those accounts.
- They record successful logins, and either use the account themselves or sell those details off to a bidder.
Either way, the account holder is now in danger of having their personal and financial information stolen.
Criminals can also hack accounts on Steam or Epic (for example) and change the logins so they can sell them to a bidder. There are many Xbox, PSN, Steam, and Epic accounts for sale on the cheap on the dark web.
A Disaster Born out of Complacency
There are two main reasons why credential stuffing attacks are so successful:
- Companies don’t add more complicated forms of authentication on their platforms.
- Gamers don’t take steps to protect their passwords and accounts.
Companies in the gaming industry — whether they’re selling games or talking about them — want as many people using their service as possible. Making the platform accessible is a big part of that. Or they risk losing players to a competitor with a more user-friendly approach.
So platforms tend to forego more sophisticated security systems. Or they make them optional instead of mandatory. Other authentication methods, such as two-factor authentication, are obstacles to a seamless experience. So they ignore them in the name of revenue.
Gamers, meanwhile, don’t take the security of their gaming accounts seriously enough. Many don’t realize criminals want to target their accounts. Or they might not be safety conscious and don’t take enough cybersecurity precautions in general.
Because of this, gamers tend to use easily crackable passwords and reuse passwords across several or all their accounts. The latter is the biggest reason why credential stuffing has become such a profitable venture for criminals.
To be clear, cybercriminals don’t always steal credentials to get into gamers’ accounts. But they will always go for the easy target and take what they can.
Cybersecurity for Gamers
Gamers need to start thinking about their online accounts as valuable assets. Like someone would with their banking and shopping accounts. It makes sense to secure those accounts and use strong passwords for them, and it’s the same here.
If remembering all those different passwords becomes a problem, then password managers are the right solution. These tools generate and encrypt passwords, plus they store them in a safe place. Some also auto-fill them on other apps and websites. It’s convenient and more reliable: a win-win!
So whether someone’s accessing their accounts via Android, iOS, or Windows, they should think about getting a password manager. There aren’t any password managers for consoles, but Xbox players can log in on Windows as well, so a Windows password manager can still help.
But not only adults play video games. Young kids have game accounts too, and they are less security-conscious. So parents should help them secure their accounts and teach them about safeguarding their passwords.
The Bottom Line
Credential stuffing attacks and other criminal activity is going to get worse as time goes on. The gaming industry is worth over $120 billion — a community that big will always attract cybercriminals looking to take their cut. The point is not to let them have it. And taking care of your accounts is the first step you can take.