Online gaming: an overlooked potential security risk

If you, or someone in your family, enjoy the super-popular online games be warned: there are real-life security risks at play in online gaming.

Take Fornite, for example. Three recently discovered security bugs would have allowed hackers to access account and payment information, and also listen to chats. Even more scary? All it would have taken is clicking on a single malicious email link—no user name or password required.

The Verge reported that Epic Games found out about the vulnerability in November and put a patch in place a few weeks later. However, just because this particular crisis is over doesn’t mean you can breathe a sigh of relief. The phishing scheme hinged on weaknesses in the game’s use of single sign-on—the same general process used by many Facebook, Google+, PlayStation Network, Xbox Live, and Nintendo users.

Single sign-on means you only use one set of login credentials (username and password) to access multiple applications. That makes it easy to use, but it also means you have to be extra vigilant to look out for scams. Clicking on one malicious link could easily take you to a webpage designed to steal your username and password—and then the hackers have access to it all (including, in this case, payment information). And, with these particular Fortnite weaknesses, a fake login page wasn’t even needed for it to work.

Given other recent hacks involving Fortnite, Town of Salem, and Fallout 76, it seems clear gaming fraud isn’t going away. And, since so many gaming platforms cater to children, it means it’s more important than ever to teach your kids basic online safety skills.

Epic Games offers some easy steps gamers can take to keep their information private—none of them earth shattering, but all are the foundations of good security:

1) Don’t. Reuse. Passwords. Seriously, just don’t. Using the same password is like having a single key to unlock your car, your house, and your bank vault. You wouldn’t do that in the real world so don’t do it in the virtual one.

2) Use strong passwords. Stay away from the obvious (translation, don’t use “12345” or “password” and the like), make it long, use a mix of characters, avoid common number substitutions (pick a random character instead), and don’t use memorable key paths/patterns.

3) Don’t share account information. It may be obvious to grownups, but kids are more likely to think its okay to share their login information with an online friend. Heck, even sharing information with a real-life friend can be a danger if they turn around and share.

4) Turn on two-factor authentication. Yes, Fortnite offers it and they’ve been encouraging users to sign up since August. According to Newsweek, Fortnite will still give a free Boogie Down emote to all players who enable two-factor authentication. The other popular sites listed above also offer two-factor authentication: Facebook, Google+, PlayStation Network, Xbox Live, and Nintendo.

If you don’t take precautions, no amount of heals in the game will help you recover from real-life data theft (note: a Supply Llama won’t help either!). Stay safe out there.


Image courtesy of Sergey Galyonkin.


About TDS Security Team

The latest news and advice from the TDS Security Team.

One Response to Online gaming: an overlooked potential security risk

  1. Xero January 21, 2019 at 8:30 am #

    Best advice to give is to use a password manager. In the modern digital age, with how many accounts we all have, it’s impossible not to reuse passwords if you try to memorize all of them. And moreover, when you try to memorize them, you are bound to use simple words that can easily be guessed by basic software tools.

    Use something like Bitwarden or KeePass. Let it auto-generate unique, complex passwords. Most even auto-fill login screens for you.

Leave a Comment