Details for nearly 200,000 Grand Theft Auto fan site users have been traded on the digital underground. The traded data contains email addresses, hashed passwords, dates of birth, and IP addresses. Deepak Patel, Director of Security Strategy at Imperva, comments below.
Deepak Patel, Director of Security Strategy at Imperva:
“Data breaches in online video games are steadily growing every year. If this breach was the result of SQL injection, there are several effective ways to prevent those types of attacks from taking place, as well as protecting against them. The first step is input validation or sanitization, which is the practice of writing code that can identify illegitimate user inputs. While input validation should always be considered best practice, it is rarely a foolproof solution.
“The reality is that, in most cases, it is simply not feasible to map out all legal and illegal inputs—at least not without causing a large amount of false positives, which interfere with user experience and an application’s functionality. For this reason, video game companies need to employ a web application firewall (WAF) to filter out SQLI, as well as other online threats. A WAF typically relies on a large, and constantly updated, list of meticulously crafted signatures that allow it to surgically weed out malicious SQL queries. Usually, such a list holds signatures to address specific attack vectors, and is regularly patched to introduce blocking rules for newly discovered vulnerabilities. Modern web application firewalls are also often integrated with other security solutions. From these, a WAF can receive additional information that further augments its security capabilities.”
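The false-positive trade-off described in the comment above, as an added example that is not part of the original article and not any vendor's rule set: a naive character blocklist is compared with a few simplified signatures. The function names, the signature patterns and the sample inputs are all constructed for illustration.

```python
import re

# Naive input validation (hypothetical): reject characters often seen in SQL injection.
BLOCKED_CHARS = set("'\";-")

def naive_blocks(value: str) -> bool:
    """True when the character blocklist rejects the input."""
    return any(ch in BLOCKED_CHARS for ch in value)

# Constructed, simplified signatures; a real WAF list is far larger and regularly updated.
SIGNATURES = [
    ("tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("union-select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("stacked-query", re.compile(r";\s*(drop|insert|update|delete)\b", re.I)),
]

def signature_match(value: str):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES:
        if pattern.search(value):
            return name
    return None

def signature_blocks(value: str) -> bool:
    return signature_match(value) is not None

# Constructed sample inputs: (value, is_malicious)
SAMPLES = [
    ("O'Brien", False),                      # legitimate surname
    ("rock-star_77", False),                 # legitimate username
    ("GTA: San Andreas; best one", False),   # legitimate forum text
    ("' OR '1'='1", True),
    ("x' UNION SELECT email, password FROM users--", True),
    ("1; DROP TABLE users", True),
]

def evaluate(blocks):
    """Return (false_positives, false_negatives) for a blocks(value) -> bool check."""
    fp = [v for v, bad in SAMPLES if blocks(v) and not bad]
    fn = [v for v, bad in SAMPLES if not blocks(v) and bad]
    return fp, fn

if __name__ == "__main__":
    for label, check in (("blocklist", naive_blocks), ("signatures", signature_blocks)):
        fp, fn = evaluate(check)
        print(f"{label}: false positives={fp} false negatives={fn}")
```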