The gaming industry has exploded in the last few decades, and it doesn’t look like stopping. Furthermore, the quarantine locked huge populations at home, and a lot of people are turning to video games to help them pass the time. And it’s one of the more entertaining ways to do that, having in mind how much video games have improved over the years.
In parallel, this boosted sales in the video games industry. For better or for worse, microtransactions and in-game monetization have become common. Which, in turn, means people are spending more money on video games, and their accounts hold more value.
This sadly drew the attention of cybercriminals. Cybersecurity hasn’t been at the centre of attention, even though the digital world expanded rapidly. And right now, a lot of businesses and casual users alike are suffering the consequences.
In this article, we’ll overview the situation when it comes to gaming. A particular credential stuffing attack has drawn a lot of attention, and we’ll explain what it’s about and what can be done to protect your online accounts.
Cybersecurity and video games
Jonathan Singer, who works at Global Game Industries at Akamai, illustrated the situation perfectly. He says,
“”If your bank account gets hacked, you call the bank [and] they work with local authorities. … Call the police and tell them your Fortnite account has been hacked, you’re gonna get laughed off the phone,” he says. “But if you put a lot of money into that account, it’s not a laughing matter.””
The fact is, there is still little regulation when it comes to cybersecurity and video games. And mostly, it’s about gamers themselves protecting their account security. Data gathered by the same Akamai hints that cybercriminals make billions of credential stuffing attempts against gamers, which is a frightening number.
Furthermore, quarantine has spiked cybercrime as well. While some choose to play video games, cybercriminals spend their time at home looking for easy targets to hit. Even the World Health Organization has reported an increase in cyber attacks, so it’s safe to assume many separate sectors might be in danger. Including the video games industry.
What are Credential Stuffing attacks?
Credential Stuffing has been around since 2014, but it gained momentum only in the last few years. And it’s primarily due to an increase in online accounts that people have. Back in the days, it was common to have a few accounts, like your e-mail, some forums, Facebook, maybe a few more. But right now, it is estimated that people can have up to one hundred accounts in different services because we use so many of them.
The problem arises when you need to choose a password for each service. If you have a few, then it’s easy to remember a few passwords. But if you have nearly a hundred, then it’s mentally impossible to remember that many passwords. Moreover, if you want those passwords to be secure, they have to be long and complex, and it’s even harder to remember.
So people started using the same primitive “qwerty” passwords for their accounts, and that’s what Credential Stuffing exploits. This attack relies on data-leaks when username-password combinations leak from some unprotected service. Hackers hope that the same username-password combination will be on a different service. This is how it works:
- A hacker obtains a data set of leaked username-password combinations;
- He or she buys additional automatization software, which helps to target lots of different accounts automatically;
- The data set is loaded to the software, and the attacker begins targeting various services with obtained usernames-passwords;
- In case of success, the accounts are stolen and most likely sold on online black markets.
The attack is straightforward to execute, and that’s why it’s so popular. A lot of cybercriminals try this method for an easy cash-grab. So what can you do to protect your accounts?
Use a password manager
Password managers are a great way to solve this issue. They work by storing any number of passwords in an encrypted vault, accessed via a master password. So instead of having to remember dozens of different passwords, you need to remember just one.
There are lots to choose from, like LastPass or a newer player in town – NordPass. NordPass uses advanced encryption algorithms for password vault security and allows you to autofill passwords, so you don’t have to type them by hand anymore. The best part is you can have any amount of passwords, and they can be as long and complex as you need, which provides sufficient protection against credential stuffing attacks.