Gaming Data Breaches Are a Loot Chest of Data

Date: 06/30/2020

Home Help Center Gaming Data Breaches Are a Loot Chest of Data

With gaming becoming a more popular pastime every day, gaming related data breaches are increasing. Video games may have a long history as a popular kids’ leisure activity, but the reality is that gaming is now a multi-billion-dollar global industry. More than 2.4 billion people around the world—about a third of the world’s population—are considered “gamers” – utilizing consoles, PCs and online gaming sites, smartphones and gaming apps, and handheld systems to play. While children still enjoy many of the popular games, adults do too, with the average age of a U.S. gamer being between 34-36 years old.

Gaming is certainly not “kid stuff” to hackers, either. With the rise in popularity of connected games that allow players to login and interact with one another, hacking of these platforms is on the rise. Webkinz, Zynga, Xbox, PlayStation, Stalker and Nintendo are just a few of the gaming data breaches in recent years, which have led to a variety of cybercrimes. As a result of all of the gaming data breaches, millions of usernames and passwords have been compromised, which can lead to credential stuffing, account takeover and more. There have even been data breaches of stored payment cards that are used to purchase games, extra lives and tools, and other items within the platforms.

Credential stuffing is a major concern because of the widespread use of eight-character passwords. Using software that can make billions of “guesses” per second, hackers can uncover a gamer’s login credentials and then test that same combination out on multiple websites. If the player reuses the email and password combination on other accounts, the hacker can then access that account and change the login credentials.

At the same time, children’s gaming platforms are also large targets for hacking. Child identity theft, or stealing sensitive information of a minor and using it, can be used to generate “synthetic” identities or to engage in fraud using a child’s personally identifiable information (PII.) Credential stuffing is also a potential issue in these cases because children don’t always have the same level of password hygiene that an adult might. Many times, a child will use the same password on numerous accounts and well into adulthood.

However, there are some steps that gamers can take to protect themselves. First, it is important that all consumers move past the traditional “password” concept and rethink it in favor of passphrases. These longer, easier to remember phrases will help stump password guessing software while also helping individual consumers avoid the temptation to reuse their passphrases on multiple accounts. With so many platforms requiring gamers to create an account in order to join or play, it is also important that users keep in mind the sort of information they must turn over to the platform. Invasive details or connections to other platforms like social media accounts or device-specific game accounts should be shared with caution. Gamers should also keep in mind that hackers may use social engineering tactics to steal their identity. Hackers might try to manipulate gamers into divulging additional sensitive information that the hackers could use to their benefit. Gamers can reduce their risk of social engineering by being cautious what information they are sharing and who they are sharing it with.

Should a gaming data breach occur, users need to act quickly to minimize the effects. Changing the passwords and locking down their accounts immediately can go a long way towards reducing the threat of account takeover, phishing attacks and identity theft. Victims of a gaming data breach or any other form of cybercrime or identity theft can live-chat with an Identity Theft Resource Center expert advisor or speak to one by calling the ITRC toll-free at 888.400.5530. Victims can also download the free ID Theft Help App for instant access to an advisor, a case management tool and much more.

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center