Security insights from ThreatLocker
As computer games evolve, gaming businesses are no longer just focusing on better graphics. Game manufacturers are turning to the internet for better collaboration, game rooms, multi-person battles, and even a marketplace to buy and sell items in a virtual world.
One company that has been successful in this transition is Epic Games, who managed to net nearly $300 million in April alone from their Fortnite game. Users of the game can progress through levels with the help of items, which can be purchased using Fortnites virtual currency V-Bucks. Many users of the game opt to earn their V-Bucks in the game, while others choose a more leisurely approach and buy them using real US Dollars. Packages of V-Bucks range from $10 for 1000V-Bucks to $60 for 6,000 V-Bucks.
When buying V-Bucks Fortnite will store your credit card details on their systems, this makes it easier for you to purchase more V-Bucks in the future.
Not only is your credit card information saved. Gaming companies often keep other personal information, such as name, address, and answers to security questions.
In 2016 Epic games had a massive data breach, which involved leaking hundreds of thousands of users e-mail addresses. While e-mail addresses alone were not enough to break into systems, bad actors used the list of e-mail addresses to orchestrate a spear phishing campaign, which resulted in too many users clicking on links and inadvertently giving their passwords to these hackers. Many of the victims of these campaigns are minors and have no idea about the risks of clicking on links in e-mails. The initial damage to victims was the use of their credit cards to purchase additional V-Bucks without their permission. However, the real loss to these victims may never be quantified.
Hackers often use personal information found on these systems to build a stolen identity of the players. Finding out a person's passwords often leads to access to other systems that share the same password. Information such as pets name, e-mail address and mothers maiden name can be used to steal an identity.
Parents of children who are gamers, and gamers themselves need to be vigilant when signing up for online gaming services. The risks may seem insignificant at face value, but in many cases lead to identity theft.
While most parents are conscious of other gamers, they seldom consider the risk of a stolen identity.
So how can you protect yourself?
When signing up on any website, always use a unique password. In most cases. If your password is compromised, it will allow bad actors to gain access to other sites, such as your bank account or email account.
Ideally, change your password every three months.
If you receive an email from a site asking you to log in, always open the browser and enter the website address directly into the address bar. Never click on links in emails.
E-mails or promotions that offer V-Bucks should be read with extra caution. Even if the e-mail comes from the game company, it is quite possibly a spoofed email.
Don't download and install software unless you are confident of the source.
Always run antivirus software on your computer.
Where possible, don't give your payment information unless it is required. Consider using a virtual credit card number, or a disposal credit card number. Many major banks offer them free of charge.
These steps will help you reduce the risk of having your identity or personal information stolen. However, we recommend keeping yourself informed and working with cyber professionals to protect your data. There is no silver bullet in protecting yourself online. However, you can reduce the risk of becoming a victim by staying vigilant and following best practices.