Are Video Game Developers Taking Online Security Seriously?

Numerous data breaches have hit gaming networks and publishers over the past few years. You’re probably aware of the PlayStation Network’s problems, as well as the attacks that affected EA gamers and even GOG.com has had its share of account hijacks.

The fact is that when it comes to online games, attackers know that they can gain information about players, from personal data to banking information, and what standing and status those players (or their associated characters) have in the in-game world.

No one is safe: a newbie might be targeted as someone who may have a lot of money to spend, whereas experienced gamers with vast collections of game credit and inventories might be targeted so that those items can be stolen and sold off.

Protecting gamers from such attacks is naturally the responsibility of game developers and publishers, but a recent survey by gaming security company PlayFab has made some stunning findings.

Wait, A “Gaming Security Company”?

PlayFab provide services (such as monetization and analytics) for building MMO and other connected games, and tools for operating them, which means keeping track of what players are doing and customizing the game around their activities, using targeting techniques. Part of this involves keeping the player data secure.

 

And this is where the problems arise…

Matt Augustine, PlayFab’s CTO, told me that “gamers value data security, but they have very low confidence that developers take it seriously, so they basically don’t trust them. So they resort to ineffective measures such as entering fake data into games.”

PlayFab’s survey reveals even more surprising results. For instance, one figure indicates that 70% of respondents were unaware of any game company security breach. Given the long list of online gaming breaches over the past few years, this is a huge surprise, one that can surely only be down to game developers and publishers failing to impress the importance and impact of such breaches.

Shouldn’t Game Developers Take Security More Seriously?

As an online security commentator, it is my firm belief that any company that is requiring business from you (whether you’re paying with cash, personal data, or both) has a contractual duty to treat your data with the utmost respect.

This means keeping data secure, and dealing with breaches responsibly and openly.

It seems, however, that this viewpoint is not shared by the developers. PlayFab’s survey reveals that because gamers value gameplay experiences and the cost of being a part of that experience above all else, security is given a back seat.

 

What doesn’t help is game developers making mistakes, acting on misconceptions that are particularly dangerous, such as the quality of their gaming clients. Says Matt:

“The number one thing is they can’t trust game client code. They just assume that the game client that they ship… is something they can trust, but in reality that gets hacked all the time. So anything that touches virtual currencies or virtual goods or what not, that needs to be secure and controllable, otherwise it gets hacked and people exploited.”

Who Are You?

Data security is taking a back seat, it would seem, to profit and ease. While we’re sure this isn’t the case with every game developer or gaming network, there is considerable evidence to suggest that the gaming industry – particularly where online gaming on consoles, desktops and mobiles is concerned – needs to take steps to deal with online security issues.

But we can’t rely on the industry to take complete ownership of these problems; there has to be action from us as gamers. We’ve already seen how online anonymity (which online gaming hackers depend upon) has been eroded in social networking and commenting. Could this approach be taken for online gaming? “We see it even now, especially in mobile games are using Facebook and the like as a form of authentication, and I do think that probably is a growing trend.”

How To Keep Your Online Gaming Secure

Several steps should be taken to ensure the security of your online gaming experience. Matt kindly offered three:

1. Don’t use the same passwords on multiple games, websites and services. “Whenever one is compromised, attackers can take that information and compromise a gamer’s other accounts.”
2. Stick with well-known platforms. “They have the resources to take security seriously.”
3. Avoid buying virtual goods and credit outside of the game. “What we found in our investigations is that commonly people use stolen credit cards to buy virtual goods, or buy install codes, and then sell it online for real money.”

However, we can go further. MakeUseOf.com offers three more steps to improve your game security.

1. Use games that accept two-factor authentication for signing into the game client.
2. Avoid ad-supported games on smartphones and tablets. If available, pay for the upgraded, ad-free version, to avoid advert malware (“malvertising”) infecting your system and stealing your game login details.
3. Resist the temptation to buy and download “cheats” from grind automation to anything claiming you can gain game cash for little effort. These are scams, and will more often than not result in your account being banned. Assuming you haven’t already had your game inventory and real-world bank account or credit card emptied first.

Have you been hit by an online gaming security failure? Surprised by the lack of security offered by online gaming giants? Tell us in the comments.

Image Credits: Burglar With Balaclava by Andrey_Popov via Shutterstock, PeterPhoto123 via Shutterstock.com, Iryna Tiumentseva via Shutterstock.com, Georgejmclittle via Shutterstock.com