While playing a game online, you may occasionally get a creeping suspicion that something isn’t going the way it should. What’s happening with the data you’re entering into that tablet game? Can hackers trace you through your World of Warcraft account? With all the weird stories buzzing around on the internet, you can’t help but wonder, is online gaming safe?
The answer is, like so often, “it depends.” To get a little closer to an actual answer, we’ll have to take a look at a few different kinds of gaming, but also at a short history of data breaches in games. There are more of these than game companies would like to admit, so let’s just take a look at the biggest ones.
Before we do, however, do note that this is not an article aimed at people looking to avoid unpleasant encounters on the internet: griefers, smacktalkers and scriptkiddies employing aimhacks are a fact of life while gaming online. If there was an easy way to solve these problems — besides the good old “mute” button — we would be happy to share it with you.
The problems we can deal with fairly easily, however, are usually more serious than a thirteen-year-old calling you names. One of the most common is identity theft, where cybercriminals steal your data and use it for their own ends. When it comes to online gaming, such hackers are usually after credit card details.
It should be noted that big name games are usually free of this kind of thing, unless they’ve been hit by some kind of concerted attack that their, mostly excellent, security can’t handle. The biggest offenders are usually casual or mobile games, some of which give the impression they are only put on the market so the companies behind them can steal customers’ information.
Reformed conman Frank Abagnale, whose life served as the basis for the movie Catch Me If You Can, has warned Facebook users in the past of signing up for games on the social media platform. As it’s not always clear with these games what kind of access they have to your account, it could very well be that the people you’re playing with are trawling through your posts to see if you’ve left behind any interesting tidbits for them to use.
Another large risk are mobile games from digital media marketplaces like the Google Play Store. As there are generally no strict controls who puts what up on these pages, scams have proliferated. Most of these mobile games will either collect data by letting the app give itself permissions to look through your entire phone, while many others will wait for users to complete a micro-transaction and then make off with the credit card info.
Though one could argue that micro-transactions are in themselves criminal, buyers best beware when it comes to free-to-play games, as they might find that the bill ends up being a lot higher than promised.
Though the ill-intentioned make up far too large a proportion of these mobile games, smart consumers may want to avoid even bonafide companies as their security often is just very bad. Take for instance Fashion Fantasy Game: back in 2016 the information of 15,000 users past and present was stolen in a data breach perpetrated by cybercriminals.
Though most of the data involved was just email addresses, it does mean that the hackers were able to add another 15,000 names to one of their spam lists. That criminals want to go after such a treasure trove of information isn’t surprising, but their methods were: Fashion Fantasy Game was hacked using a SQL injection, which is scriptkiddie 101.
The fact that the game’s security wasn’t up to the task of defending against this very basic type of attack shows that many of the fly-by-nights that create these games skimp on security in order to turn a profit. A bigger and nastier example was the Gamigo hack in 2012, where the passwords and usernames of around eight million users were stolen from one of the largest online gaming companies in the world.
Though the damage was limited that time around, it was probably cold comfort for all the people that had found they were now on all the spam lists in the world.
In practice, all this means that mobile games are best avoided by the security conscious as the risk of being scammed or having your device slaved to a botnet are simply too high. As with many things on the internet, “free” just means that you’re the product being sold. For further examples of these kinds of practices, check out our article on the worst free VPN providers.
When it comes to mobile games, here at Cloudwards.net we recommend you either stay away or at least never sign up for anything. There are plenty of casual games around that need little besides HTML5 to run, so there’s no reason to infect your computer with malware.
However, it isn’t just this segment in the market that suffers from data breaches: even some of the biggest players around have been hit once or twice. The biggest, or at least the most embarrassing, was the PlayStation network hack in 2011 when not only the data (including credit card info) of around 2.5 million Sony customers were stolen, but the entire network went black for several days, to boot.
The CEO of Sony publicly apologized to his company’s customers, but the damage was, of course, done. Steam users are generally a luckier bunch: Valve’s security is pretty tight and they have prevented many attacks in the past.
One of the few times anyone noticed anything was during Christmas 2015, when the store page would display in foreign languages. Nothing much was stolen that time around, though Steam did lose millions of game keys just a few months later.
How to Protect Yourself While Gaming Online
The question whether online gaming is safe is pretty difficult to answer. As you can see from the above examples, every company large or small has been hit at some time. However, as a rule of thumb, it’s best to avoid free-to-play and other downloadable casual games, as well as anything offered on Facebook.
When it comes to bigger platforms and titles, the best protection is of course still not playing anything and reading a book instead, but that is likely not an option for most. Generally it’s best to never store your credit card info with the company — though this means you’ll have to enter it for every purchase, this minor annoyance also means that there is nothing to steal — as well as fixing up a strong password that can’t be easily guessed.
Gamers could also consider signing up with any of our top five cloud services for gamers, which all offer increased security, anonymity as well as tons of games. Though GaaS is still in its infancy, here at Cloudwards.net we predict a rise in popularity of this type of entertainment and the five services in that article seem to be on the cutting edge.
Last but not least, there is one way for consumers to always protect themselves from cybercrime — as well as NSA spying and nosy ISPs — and that is subscribing to a VPN service. Though these generally cost money (except for our top five best free VPN providers), you’re getting value for money as nobody will be able to track you online.
Here at Cloudwards.net we have a list of our preferred best VPN services. Online gaming may not be the safest thing to do, but it is possible the most fun; by protecting yourself before going online, you can be assured that no one can come after your money or personal information.
Do you have a security strategy different from that outlined above? Let us know in the comments below. Thank you for reading and stay safe.