Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

The video game industry is a black hole for cybersecurity

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 26 Jul 2019 10:29:22 +0000 (UTC)
https://venturebeat.com/2019/07/24/the-video-game-industry-is-a-black-hole-for-cybersecurity/

By Michael Greene
Venture Beat
July 24, 2019
New data from Akamai, an internet delivery and cloud services company, has exposed that the video game industry remains a growing threat vector for security breaches. Hackers have targeted 12 billion credential stuffing attacks against game websites within a 17-month period. Emuparadise, the retro gaming site, is the latest gaming community to admit having suffered a credential stuffing attack. 


So why is gaming such a weak link?
Industries that have significant financial risk, like banking or ecommerce, store passwords in robust hashing algorithms that make them difficult to crack. This deters cybercriminals who look for the easiest and fastest way to breach systems: credential stuffing attacks. Those are attacks where other sites with passwords have been hacked, and those names and passwords can then be attempted.
The rise and success of credential stuffing attacks is a result of people continuing to reuse the same passwords across multiple accounts. Google identified that 59% of online users reuse passwords. When a data breach happens, user credentials are exposed and can subsequently be found on the internet and the dark web. Cybercriminals use a bot with a list of exposed credentials against a website to gain access to an account on that site. When the bots successfully access an account, it’s logged. From there, they can either takeover the account or they can sell the data to other bad actors for use at a later date.
The reason that gaming is subject to so many breaches is twofold; No. 1, most video game companies use low-friction authentication measures because increasing friction drives customer attrition and results in a loss of revenue. The second issue is that from a consumer perspective, gaming is seen as having a low financial risk and, as a result, gamers tend to use less secure passwords. Adding to these challenges is the fact that game developers are pressured to deliver more products at a faster pace, meaning there are more bugs and security issues for cybercriminals to exploit. This has created a perfect storm in the video game industry upon which hackers are all too eager to capitalize. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: