Skip to main content

Hackers are targeting gamers for their rare in-game skins and weapons – here's how to protect yourself

(Image credit: Pixabay)

Gamers are increasingly at risk of having their accounts targeted by hackers since Covid-19 has witnessed a rise in online gaming, as folks who are in lockdown spend more time in virtual worlds.

According to a new Akamai report entitled ‘Gaming: You Can’t Solo Security’, gamers are being subjected to a host of phishing and credential stuffing attacks. The latter is where a cybercriminal attempts to log into game accounts (or gaming platforms like Steam) by going through lists of username and password combos which can be bought online (often on the dark web).

A lot of those username and password pairings are taken from old data breaches, and essentially the attackers are hoping that gamers may have reused the same password with gaming accounts (which is why one of the golden rules of good security practice is that you should never do this).

In total, Akamai has observed some 10 billion credential stuffing attacks in the two-year period from July 2018 to June 2020.

Phishing is the other main method of stealing login credentials, using some kind of portal which looks like the game service, but in actual fact is just a clone made with the express purpose of snaffling account names and passwords.

In the same two-year period covered by the report, some 152 million web application attacks (of 10.6 billion total) were aimed at the gaming industry, and in the main were SQL injection attacks attempting to extract login details or other personal data stored in databases on the server.

All this activity has increased in 2020 due to lockdowns and the spike in interest when it comes to online gaming, as mentioned at the outset. All of which makes for fairly worrying news for gamers, although Akamai reckons that folks aren’t as bothered about this increase in malicious activity as they should be.

Not worried?

A survey of gamer attitudes regarding security which was conducted by Akamai and DreamHack found that of those who identify themselves as ‘frequent players’, more than half (55%) said they’d had an account compromised at one point. However, of those victims only 20% said they were ‘worried’ (or ‘very worried’) about that.

The majority, then, were not that bothered at the prospect of having been compromised, or perhaps simply don’t realize the dangers therein.

Not only do cybercriminals stand to gain simply from stripping personal data from account profiles, or potentially payment details – but some gamers can have a lot of pricey in-game assets (like fancy skins or rare weapons) in their favorite titles which could potentially be stolen.

Akamai observes that it’s a good idea to look at protecting your gaming accounts – or indeed other online accounts – by using one of the best password managers around. Either that, or make sure you use strong passwords, and preferably employ two-factor authentication as well.

The report also made another interesting finding in terms of Distributed Denial of Service attacks: in the past year, more than 3,000 of 5,600 DDoS attacks were aimed at the gaming industry, no less.