Gamers hit with over 14 million credential stuffing attacks daily
According to data analyzed by the Atlas VPN research team, gamers are hit with 14.02 million credential stuffing attacks daily.
A successful credential abuse attack steals the victim’s account and puts the owner’s credit card information as well as in-game assets at risk. Worth noting - veteran players might have thousands of dollars worth of items in their game inventory.
Credential stuffing is a cyber-attack where fraudsters use large numbers of stolen credentials to log into individuals’ or companies’ accounts. This cyber-attack type is on the rise due to the high number of data breaches in the past years.
While credential abuse attacks are rarely discussed, data reveals that it is a wide-spread issue. Hackers attacked gamers a staggering 9.83 billion times from July 2018 to June 2020. In other words, players are hit with around 14 million attacks per day or 584 thousand attacks per hour.
Data shows that the top 5 countries are responsible for 49.32% of all fraudulent login attempts to user accounts. The US, Russia, Canada, China, and Germany are responsible for 4.85 billion attacks out of the 9.83 billion intrusion attempts globally.
It appears that most credential abuse originates from the United States. However, it is worth noting that hackers often change their IP addresses when carrying out these attacks. Meaning, the locations provided should be looked at with a grain of salt.
Even so, the number of attacks remains correct. The fact is that the top 5 locations are responsible for over 6.92 million attacks per day or more than 288 thousand attacks per hour.
What can gamers lose if they get hacked?
Akamai and DreamHack carried out a survey where they gathered responses from more than 1,200 gamers. The survey was available from April 16, 2020, to May 31, 2020.
The study asked players what they are most worried about if their account gets hacked. The most common answer was credit card information, with 49.1% of respondents stating it as their biggest concern.
Losing access to their account was the biggest problem for 47.7% of survey respondents, while 42.1% of players were concerned about their in-game assets. In-game assets include special weapons, skins, unique tools, and similar.
The concern of losing in-game assets is valid as a single special weapon can cost hundreds of dollars and, in rare cases, up to thousands of dollars.
Tips on password hygiene: effective mitigation for credential stuffing
Until credential stuffing affects you directly, you might be reluctant to follow the recommendations for password security. However, this might come at your expense. You can avoid the devastating financial losses, account takeovers, and emotional distress by following these simple rules:
- Do not reuse passwords. At this stage of digital advancement, there is no excuse for applying the same password on multiple occasions. The fact that people still reuse passwords is the reason why credential stuffing continues to boom.
- Make use of password managers. If you are afraid of forgetting passwords, download or use web-based managers. They will securely hold all of your credentials, and will even help you create strong and unique combinations.
- Deploy two-factor authentication (2FA). You should always use 2FA on all your accounts. It adds a layer of security, reassuring that users will only access accounts after presenting an extra piece of information. For instance, a service might prompt you to type in the code sent to your phone or email. Let’s say hackers break into your account due to credential stuffing. Unluckily for them, they won’t be able to log into your account without the external confirmation.
- Check if your email was compromised on haveibeenpwned website. Here, users can check if data breaches have compromised any of their accounts. This website is run by Mark Hunt, a Microsoft employee and a cybersecurity expert.
Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.