Online gaming: How to stay safe from hackers and vicious opponents

Whether you play games through free or premium services, hackers can get plenty of value from your account. Remember all those crates unlocked over several years of collecting? There’s potentially hundreds of dollars worth of cosmetics across your Fortnite, PUBG Lite, and Overwatch accounts. Hacking most accounts isn’t too difficult because many players fail to employ basic cybersecurity precautions. Once they take over your account, they might be able to:

• Steal in-game items that have value in the virtual economy.
• Listen to your gaming conversations and read your chats.
• Reuse your login details to break into other accounts (for example, social media).
• Use your details in phishing attacks to get even more information out of you.
• Sell your details on the dark web.
• Use your payment details to purchase virtual currencies, send them to the attacker’s account, then resell them on the gaming platform or the dark web.
• Use your account to launder money.

Let’s take a closer look at the nine biggest online gaming risks.

One of the biggest mistakes you can make in online gaming security is to use a weak password when creating your gaming account. A short password, especially one that uses common words that could be quickly guessed by a hacker’s software, can be cracked in milliseconds. That Minecraft or Roblox account you made years ago before you had a decent knowledge of cybersecurity is probably protected by a weak password. If you don’t want to lose the progress across those online games, it’s time to update your passwords. Hackers have large databases of common passwords that come in handy when performing brute force attacks.

To complete a brute force attack, the hacker only needs your user name or your email address. They will then use a bot that will try all passwords on their database until they succeed or until they go through the whole list with no luck.

Data breaches and leaks are another password goldmine for hackers. Unfortunately, there’s not much you can do to protect yourself as this depends on the cybersecurity of the company that stores your data. If they keep your passwords unencrypted, it’s quite possible that they will end up on the dark web and in the hands of a hacker.

Data breaches seem to be a pretty widespread threat. In its research the cybersecurity company KELA discovered nearly 1 million hacked accounts associated with gaming clients and employees. 50% of them were offered for sale in 2020. KELA also found out over 500,000 leaked credentials of gaming sector employees.

If you reuse passwords on multiple accounts, you may also be vulnerable to credential stuffing attacks. If your login details have been previously leaked or a hacker breached any other account of yours, they will probably try to reuse the same login details on other platforms. If you used the same password for your gaming account and your online banking, you might be in huge trouble.

Credential stuffing is another common threat. Akamai, a cybersecurity company, published a report revealing that the video game industry experienced almost 10 billion credential stuffing and 152 million web applications attacks between 2018 and 2020. The attacks reached new heights during the Covid lockdowns.

Cross-site scripting is another type of attack widely used by hackers to steal your login details. How does it work? Some website servers do not reconfirm authentication every time they exchange information. Hackers use this vulnerability to inject scripts into the website’s UI, which can then be used to steal the information you entered into that website.

If you are serious about gaming and do it professionally or competitively, you may become a victim of a Distributed Denial of Service (DDoS) attack. Using a botnet, a hacker who knows your IP address could flood your router with artificially inflated traffic, forcing you offline. Your League of Legends teammates won’t be happy with the blackout your system will suffer from a DDOS attack.

Hackers can also try to trick you into downloading malware. For example, if you want a game not released in your country of residence, you may decide to download it from a P2P website. Hackers know what games are popular, and they can use them as bait. Don’t get tempted to download malware masquerading as a new game release.

Phishing can also be used to trick you into clicking on malicious or spoofed links. For example, Fortnite players have been tricked into clicking on links posted in gaming forums offering them discounted or free virtual tokens and other accessories. In reality, the links were part of a cross-site scripting attack that helped hackers breach players’ accounts.

They can also send you phishing emails using the information they already have (i.e., your email address). It will trick you into thinking that they are from a legitimate company. This way, they may steal even more information from you like your passwords, payment details, home address, etc.

Cyberstalking and cyberbullying can also make your online and offline lives very bitter. Toxic behavior can be common in some video games. Opponents can look up your IP address, find out your location or even your identity, and then bully you on social media and your favorite gaming platforms. By knowing your preliminary address, they can stalk you in real life too.

If bad actors can uncover your real-world location, perhaps through a doxxing attack or by using your IP address, you could be targeted with swatting. This is a practice in which someone makes a false report to your local law enforcement agency, prompting armed officers to visit your residence. The name is derived from the term “SWAT team,” a term for US police armed response units. This can be a very distressing experience for victims and a waste of time for law enforcement, but it also puts lives at risk.

You can take simple precautionary measures to make hackers’ (and your most vicious opponents’) lives more difficult. This is how:

• Use strong passwords. Read these tips on how to create a unique password or use the automatic NordPass password generator.
• Enable 2 Factor Authentication (2FA). If you enable 2FA, getting into your gaming account or your email account will be twice as hard. What would happen if someone were to hack into your account? They could gift themselves games until the card linked to your account is maxed out. Hackers will now need physical access to your phone to get a second verification code.
• Use the NordVPN’s Threat Protection feature. Threat Protection makes your browsing safer and smoother. It helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.
• Familiarize yourself with phishing techniques. The easier it is for you to recognize them, the bigger the chance that you won’t fall for them.
• Familiarize yourself with cyberstalking and cyberbullying. Learn what to do if you become a victim of either.
• Use VPN for gaming. It will encrypt your traffic and will hide your IP address from any hackers and snoopers. It can also protect you from DDoS attacks and some instances of targeted ISP bandwidth throttling.