Details for nearly 200,000 Grand Theft Auto fan site users have been traded on the digital underground. This contains email addresses, hashed passwords, dates of birth, and IP addresses. Deepak Patel, Director of Security Strategy at Imperva commented below.
Deepak Patel, Director of Security Strategy at Imperva:
“Data breaches in online video games are steadily growing every year. If this breach was the result of SQL injection, there are several effective ways to prevent those types of attacks from taking place, as well as protecting against them. The first step is input validation or sanitization, which is the practice of writing code that can identify illegitimate user inputs. While input validation should always be considered best practice, it is rarely a foolproof solution.
“The reality is that, in most cases, it is simply not feasible to map out all legal and illegal inputs—at least not without causing a large amount of false positives, which interfere with user experience and an application’s functionality. For this reason, video game companies need to employ a web application firewall (WAF) to filter out SQLI, as well as other online threats. WAF typically relies on a large, and constantly updated, list of meticulously crafted signatures that allow it to surgically weed out malicious SQL queries. Usually, such a list holds signatures to address specific attack vectors, and is regularly patched to introduce blocking rules for newly discovered vulnerabilities. Modern web application firewalls are also often integrated with other security solutions. From these, a WAF can receive additional information that further augments its security capabilities.”