Skip navigation

Effective October 28, 2019 Duo Security will be transitioning to Cisco's Privacy Statement. View the Duo Privacy Data Sheet.

Industry News

Protecting Your Online Gold: 2FA for Gamers

Identity theft and account takeover is common for bank accounts and medical insurance, but what about online gaming? Gaming accounts are often targeted for the value of items that can be traded in games (known as in-game commerce), as well sold for player value.

According to eWeek.com, 77,000 gaming accounts on a popular gaming platform, Steam are hijacked each month by attackers. Over the holidays in late December, the Steam Store was hit with a denial-of-service attack, with a 2000% increase in traffic. In response, they deployed caching rules to help mitigate the impact on their servers and users.

Unfortunately, a configuration error incorrectly cached web traffic for authenticated users, allowing them to view others’ information, including email and billing addresses, and the last four digits of account credit cards. Steam confirmed that a DoS attack exposed the personal information of about 34,000 users.

The Steam Database Twitter account warned users to avoid using the store for the time being, while one user reported unauthorized charges of $3,000 on their account, according to CinemaBlend.com.

The massively multiplayer online role-playing game, World of Warcraft, is also often a target of password-stealing malware, with attackers stealing online gold and other goods accrued by characters. Apparently, it happens so often that there are how-to articles available about what to do if your WoW account has been hacked, and support guidelines from Battle.net. In 2013, a few malicious hackers were sentenced to two years in prison for buying and draining WoW accounts, then reselling them, according to IGN.com.

Typically, the articles recommend enabling two-factor authentication on your gaming accounts to add another method of verifying your identity. This cuts down on the likelihood that someone can take over your account with only a stolen password.

Blizzard Entertainment, the video game developer company behind WoW, introduced their version of two-factor authentication back in 2008 for gamers, an authenticator device that generates one-time passcodes to log into their accounts.

Now, eight years later, gaming vendor Valve is adding two-factor authentication to Steam accounts, called Steam Guard Mobile. This prevents users from using their authenticator app of choice to verify their identity before trading items in the game.

Twitch, a live-streaming gaming video platform, also recently added 2FA for their users after emails were sent to certain users early this year, informing them that their user information may have been breached - including plaintext passwords captured by malware.

While adding 2FA to your individual gaming and gaming community accounts can help protect those accounts from hijacking, gamers should also consider adding the extra layer of authentication to their email accounts and other online accounts that could be abused if they use similar or the same passwords, as criminals will often test your credentials across different websites to see if they work. Learn more about Why Two-Factor Authentication?

Similarly, gaming vendors and online streaming platforms should support the technology for their users to add to their accounts, if they don’t already. While gaming accounts aren’t viewed as potential targets the same way that bank accounts may be, that can allow for security lapses that give hackers access to gaming accounts that may be tied to credit cards, or used to trade in digital currencies.