Gaming Companies, and especially those who provide a cloud service for either online play or account management are a great and very compelling target for attackers. When games are using a Merchant platform and allow transactions between users or vendors, essentially it means that it’s a viable market by any measure. Bottom line, these systems transact money.
In the last decade, with the introduction of the pay-to-play games such as World of Warcraft and others, the digital economy of gaming has become a target for hackers. This is due to the fact that by stealing an account, or hacking into the system – one can potentially convert digital money to real money, there have been talks in hacker forums about money laundering through that mechanism as well.
Although this hack against Riot Games may have had a limited success in stealing credentials, personal customer information did leak. This kind of information can be used for identity theft, or for a phishing campaign, which is the most common account-takeover method in online gaming nowadays, if it’s so difficult to prevent phishing at commercial companies and their educated employees, usually convincing a kid to “get more gold if you click here” is like taking virtual-candy from a child.
There is definitely a trend in hacking gaming companies, which means that there is value in that. Cybercriminals nowadays won’t just break into a system to put a clown face on your screen, they are after your money. Gaming just might be an easy way to it.”
Barry Shteiman | Senior Security Strategist | Imperva
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.