How to protect your online gaming accounts from hackers
Once upon a time I called myself a gamer. I streamed on Twitch, I watched every OpTic Gaming video on YouTube, and I don’t even want to think about the amount of GFuel I consumed. But was I really a gamer? After all, my accounts (all deleted now) were never hacked, a rarity in the heady days of 2014 when online gaming accounts seemed to be protected by little more than a password and a prayer.
I was lucky, but let’s be real: I was also terrible at Call of Duty, League of Legends, Smash, and the handful of esports I tried. My accounts just weren’t worth much to other players at the time. In today’s landscape, all gaming accounts are a treasure trove of personal information for enterprising hackers both within the gaming sphere and in the wider criminal online communities.
What’s in a name?
Think about all the information a gaming account has, whether it’s yours or your children’s. Just in your screen name, gamertag or handle there can be valuable data such as year of birth or common nicknames. Hackers can use this type of personally identifiable information (PII) to find you on data broker sites, and use this information to guess your passwords for your logins across the web.
I recently spoke with Rob Shavell, a privacy expert with Abine’s DeleteMe, an online personal data removal service, about identity theft in the online gaming community. He said that since hackers are now a familiar element of online gaming, players of all ages should take steps to secure their identity.
Shavell explained: “Games these days have become bank accounts for kids. They spend their time and they bank their allowance money and their parents’ money. You also have a set of people who have some basic hacking skills.” Add in the proliferation of online data brokering, and there’s plenty of information and incentive for hackers to take over accounts.
Data brokerage sites contain a wealth of personal information that goes beyond just a name and phone number, and which data can be used against you. Shavell stated: “Some of these data brokers now have information about the car you drive and how much money you spent on your house and where you were educated. Your mother’s maiden name, your exact date of birth. These are things that a lot of us tend to use when we create passwords.” Even if your passwords are secure, these details can still be used as challenge questions to log into certain websites.
Hacking for fun and profit
If you think stealing game accounts is just the petty work of annoyed fellow players or kids engaging in petty scams, think again. Hacking game accounts is a lucrative business(Opens in a new window) in some corners of the web, and PII is a cheap commodity. Shavell said that automation is key to the hacking process, noting, “There are tools that hackers can use to scrape all this data and then try different configurations against different gaming platforms. The sophistication that they bring to these hacks has gone way up. They have written software that they swap around on the dark web that makes it easy.”
Hackers don’t even always have to guess the right password combinations to make a lot of money from their crimes. Shavell said, “They don’t have to be successful more than half the time to have a really good business. A few right times out of every hundred or thousand guesses, and all of a sudden there’s a lot of accounts getting cashed out.”
How to avoid online gaming hacks
So what can you do if you’re a gamer or the parent of one? The key to security is multi-factor authentication, and currently the best method that is secure, convenient and free is to use an authenticator app.
Here at PCMag, we’re big proponents of multi-factor authentication in all its forms, whether it’s implemented with the aforementioned authentication apps or with a hardware security key.
Proper password protection is also a must. Every week I ask my readers to use a password manager, and I will continue until more readers stop using the same passwords for multiple logins. Even if you think your repeated password is unique, why take the chance of a hacker getting it right even once? There are some decent free password managers out there (although my beloved Myki is gone). Choose one and give yourself a chance to fight online criminals.
You should also consider examining your digital footprint. Have you googled yourself recently? You may be surprised by all the information you find, especially if you are active on social media or play online games.
If you see a large amount of your personal information online, consider investing in a data removal service such as DeleteMe or IDX Privacy, which have a similar data deletion component. Data removal services send removal requests to all types of data broker sites on your behalf throughout the year, so you don’t have to. Of course, you can always just do the work yourself for free. Abine created a step-by-step guide to defeating data aggregators(Opens in a new window).
If you want to take your online security to the next level, you also need to watch what you share on all online platforms. Tackling the data brokers is just one step in maintaining online privacy. PCMag’s Eric Griffith wrote a handy guide to disappearing from the internet entirely.
Recommended by our editors
Do you like what you read? Get an extra SecurityWatch story delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.
What else is happening in the security world this week?
Google sues to stop puppy scammer from targeting consumers. Google wants the lawsuit to raise awareness about puppy scams. One big red flag: If you are asked to pay for the dog using digital gift cards instead of legitimate payment services.
Protect your PC: How to work safely from home. Working from home opens up security risks you just don’t face in the office. When an IT professional isn’t available, these simple tips will help protect your company’s data, as well as your own.
Microsoft stops Russian hackers from targeting Ukraine with domain takeover. The company secures a court order to take over seven Internet domains that a Russian state-backed hacker group used to launch phishing attacks.
11 Android apps found that secretly harvest data from millions of users. A mysterious company in Panama has paid Android app developers to incorporate an SDK capable of lifting sensitive data from users’ phones, including copy-paste information.
Google pulls 6 fake antivirus apps from Play Store that delivered malware. Security firm Check Point says hackers created the fake antivirus apps in the hope that unsuspecting users would download them.
Do you like what you read?
Sign up SecurityWatch newsletter for our best privacy and security stories delivered straight to your inbox.