Once upon a time, I called myself a gamer. I streamed on Twitch, I watched every OpTic Gaming video on YouTube, and I don’t want to even think about the amount of GFuel I consumed. But was I really a gamer? After all, my accounts (all deleted now) were never hacked, a rarity in the heady days of 2014, when it seemed like online gaming accounts were protected by little more than a password and a prayer.
I was lucky, but let’s be real: I was also terrible at Call of Duty, League of Legends, Smash, and the handful of esports I tried. My accounts just weren’t worth much to other gamers at the time. In today’s landscape, all gaming accounts are a treasure trove of personal information for enterprising hackers both inside the gaming sphere and in the wider online criminal communities.
What’s in a Name?
Think about all the information a gaming account holds, whether it’s your own or your kids’. In just your screen name, gamer tag, or handle there may be valuable data such as your birth year or common nicknames. Hackers can use these kinds of personally identifiable information (PII) to find you on data broker sites, and use that info to guess your passwords for your logins all over the web.
I recently spoke with Rob Shavell, a privacy expert with Abine’s DeleteMe, an online personal data removal service, about identity theft in the online gaming community. He said that since hackers are now a known element of playing online, gamers of all ages should take steps to secure their identities.
Shavell explained, “The games these days have become bank accounts for kids. They spend their time and they bank their allowance money and parents’ money. You also have a set of people that have some basic hacking skills.” Add in the proliferation of data brokerage online, and there’s plenty of information and incentive for hackers to take over accounts.
Data broker sites contain a wealth of personal information that goes beyond just a name and phone number and that data can be used against you. Shovell stated, “Some of these data brokers now have information about the car you drive and the amount of money you spent on your house, and where you were educated. Your mother’s maiden name, your exact date of birth. These are things that a lot of us tend to use when we’re creating passwords.” Even if your passwords are secure, these details could still be used as challenge questions for logging into some sites.
Hacking for Fun and Profit
If you think stealing gaming accounts is just the petty work of irate fellow gamers or kids pulling off small-time scams, think again. Game account hacking is a lucrative business in some corners of the web, and PII is a cheap commodity. Shovell said automation is the key to the hacking process, noting, “There are tools that hackers can use to scrape all this data and then go try different configurations against different gaming platforms. The sophistication that they bring to those hacks has gone way up. They’ve written software that they trade around on the dark web that makes it easy.”
Hackers don’t even need to always guess the correct password combinations to make a lot of money from their crimes. Shovell said, “They don’t have to be successful more than a half of the time to have a really good business. A few correct times out of every hundred or thousand guesses, and all of a sudden, there’s a lot of accounts getting taken out.”
How to Avoid Online Gaming Hacks
So what can you do if you’re a gamer or the parent of one? The key to security is multi-factor authentication, and for now, the best method that’s secure, convenient, and free is to use an authenticator app.
Here at PCMag, we’re big proponents of multi-factor authentication in all its forms, whether it’s implemented with the aforementioned authenticator apps or with a hardware security key.
Proper password protection is also a must. Each week I ask my readers to use a password manager, and I will continue until more readers stop using the same passwords for multiple logins. Even if you believe your repeated password is unique, why take the chance that a hacker gets it right one time? There are a few decent free password managers out there (even though my beloved Myki is gone). Pick one and give yourself a fighting chance against online criminals.
You should also consider examining your digital footprint. Have you Googled yourself recently? You may be surprised at all the information you find, especially if you’re active on social media or play online games.
If seeing a vast amount of your personal information online gives you the creeps, consider investing in a data removal service such as DeleteMe or IDX Privacy, which has a similar data deleting component. Data removal services submit takedown requests to all kinds of data broker sites on your behalf throughout the year, so you don’t have to. Of course, you can always just do the job yourself for free. Abine created a step-by-step guide to defeating data aggregators.
If you want to take your online security to the next level, you also need to watch what you share on all online platforms. Tackling the data brokers is just one step when it comes to maintaining online privacy. PCMag’s Eric Griffith wrote a handy guide for disappearing from the internet completely.
Get this from a friend? Get it delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.
What Else Is Happening in the Security World This Week?
Google Sues to Stop Puppy Scammer From Targeting Consumers. Google wants its lawsuit to raise awareness about the puppy scams. One major red flag: If you’re asked to pay for the dog using digital gifts cards instead of legit payment services.
Protect Your PC: How to Work From Home Securely. Working from home opens up security risks you just don’t face in the office. When an IT staffer isn’t available, these simple tips will help protect your company’s data, as well as your own.
Microsoft Stops Russian Hackers From Targeting Ukraine With Domain Takeover. The company secures a court order to take over seven internet domains that a Russian state-sponsored hacking group was using to launch phishing attacks.
11 Android Apps Found Secretly Harvesting Data From Millions of Users. A mysterious company in Panama has been paying Android app developers to incorporate an SDK capable of lifting sensitive data from users’ phones, including copy-paste information.