Raptr, a chat and video service for gamers, suffered a breach just over a fortnight ago. Dennis Fong, Raptr Founder & CEO, released a statement advising users to “reset [their] password at [their] earliest convenience.”
Being of the gamer persuasion myself any news about leaked passwords or usernames makes my skin crawl.The press release can be found here.
Unfortunately we seem to be prime targets for hackers and online fraudsters. Take Lizard Squad’s antics with PSN and Xbox Live for example.
Why is that? Why are online services like PSN, Xbox Live and now Raptr under fire from DDoS and more serious hack attacks?
Gaming Black Market
As Mark James, ESET security specialist, and I discussed in this blog post notoriety and “being associated with a high profile hack” means a lot to hacking collectives.
Gaming and its associated services offer this in abundance: gaming scandal and big developments are hitting mainstream news in a big way, this includes any hacks or disruption, it’s an easy win in terms of exposure.
Publicity is one thing, there is also a thriving online market for in-game currency and goods. When I say thriving I mean “an estimated online revenue of 19 billion in 2011 increasing to around 35 billion by 2017.”
If we take the infamous World of Warcraft as an example, and a fine example it is too, players can invest “a very long time” in “building or nurturing” their in-game characters or avatars, amassing large amounts of in-game currency and items which can “often be sold for real money outside of the game.”
There is also a market for the accounts themselves. Why put in the time and effort required to unlock everything in a game when you could just buy an account in which it’s done for you? Because it’s probably stolen that’s why.
2FA
A big part of the problem is that “a lot of users still do not use separate usernames and logins for all their games or apps.”
Meaning that if one service or game is breached there is the potential for subsequent breaches using the same information. Raptr, and similar services, can act like a shopping list as it shows games played whilst the service is active.
The key is using a unique password per game and per service and using two-factor authentication where available. The vast majority of online games like WoW, Rift and Final Fantasy ARR use a 2FA app. Other services like Steam sport an email authentication system of 2FA.
For more information about 2FA in general read this blog post.
Join our LinkedIn Group and stay up to date with the blog.
Have you ever had a game account hacked or stolen?