If you’ve ever spent hours trying to beat a video game, you know how devastating it can be to have all that hard work disappear when your console crashes or the game cartridge malfunctions. But with video games now hosted primarily online, the consequences are more dire than having to fight that final-level boss again.
In a virtual game world, loot, or special items that you collect in the game, have real-world value, and they’re connected to real-world credit cards and bank accounts, which is exactly what makes them targets for hackers. Since the onset of the pandemic, video games have soared in popularity, especially for kids. Online gaming traffic was up 30% this summer compared to the start of 2020, and hacks and schemes rose with the surge.
Hacking video games is its own business — and it’s lucrative
It almost seems silly that a hacker would steal virtual objects—until you realize what they’re worth. In a first-person shooter game called Counter-Strike: Global Offensive, certain weapons can be worth hundreds of dollars. According to the Wall Street Journal, a 17-year-old who’d been playing the game for years amassed over a thousand dollars’ worth of weapons and other items, only to have them stolen through a phishing scheme. A hacker posing as his friend convinced him to transfer his virtual assets to another one of his accounts, only to later discover that he was transferring them right into the hands of a cybercriminal.
This gamer is one of many to fall victim to similar cyberattacks. According to Steam, an online video game platform, 77,000 of their users’ accounts get hacked every month. Steam itself admitted that they’re aware that a skilled network of hackers now target the platform because it is such a lucrative pursuit. At first, the platform had a policy against replenishing items, because if items are duplicated they decrease in value. Once a hacker gets access to an item in a user’s inventory, it doesn’t just disappear; it circulates until the stolen item is eventually sold to another user, who likely doesn’t know the item was stolen in the first place. Those hundred-dollar swords suddenly aren’t such prized possessions.
With more and more reports about hijacked accounts though as even highly skilled and savvy gamers get hacked, Steam knew they had to take greater steps to protect their users.
Steam improved their security measures, including the messaging that users receive when an account has been compromised, and enabled their own two-factor identification. They also put a three-day hold on traded items for users who don’t enable the Steam Guard Mobile Authenticator (two-factor identification) to ensure that players have ample time to catch any fraudulent activity on their accounts.
Personal data could also be at stake when it comes to video game hacks
In June of 2020, Nintendo reported that 300,000 accounts had been hacked. Hackers gained access to users’ Nintendo Network IDs, which is a username and password tied to older Nintendo accounts. Users noticed that funds had gone missing from their accounts, as payment services and credit cards were able to be accessed by hackers, in addition to their email addresses and dates of birth. Nintendo stated, however, that credit card numbers were not exposed. The company refunded most of the unauthorized purchases, and encouraged users to set up an account using an email address rather than their older Nintendo Network IDs.
So how do we combat these security risks?
Dashlane recommends the following to take charge of your kids’ privacy when it comes to video games:
- Set up two-factor authentication. In all of these hacks and breaches, developers encourage users to take steps to protect their privacy, such as enabling two-factor authentication, or 2FA. If you need a refresher on why this is so important, check out Dashlane’s 101 on 2FA.
- Get a password manager to create and store stronger passwords. The key to more secure passwords is that they are random and unique. But you shouldn’t have to remember all those random strings of numbers for each account. Getting a password manager like Dashlane can change the game. Dashlane now also offers family plans so you and your kids can have separate passwords, but you’ll know that theirs are just as secure.
- Be careful about what you link to your video game account. In the case of Nintendo’s big breach earlier this summer, many users’ accounts were linked to their PayPal profiles, which were linked to their credit cards. Of course, you’re not going to set up an entirely new bank account just for Nintendo, but it’s important to be mindful of who you’re giving access to and to encourage kids to do the same. In-app purchases of items on an iPad game might seem harmless, but it can be all too easy to enable a third-party app to gain access to personal information. Talk to your kids about online security habits, and consider setting up parental controls on your kids’ iPhones, or using Family Link for Android to be more mindful of downloads.
- Beware phishing emails and fake URLs. If you receive an unexpected email alert that there is a vague “problem with your account,” resist the urge to click. This is often a tactic used by bad actors to phish your credentials. Hackers also set up sites that look identical to gaming sites to get your logins. Double-check that the linked URL and the sender’s email address are correct.