Logging on to your favorite multiplayer game to pwn your friends gets a little more difficult when you don’t have access. One gamer recently noticed their Electronic Arts (EA) account was compromised by Russian hackers, writing about the incident in an online forum in January. Another said at the end of February that their Epic Games account was hacked, even with 2FA set up, writing on Reddit that the hacker “booted my email ID so I don’t have access now.”
Others have recently taken to Facebook to vent their frustrations, with one user writing on Feb. 20 that their computer was infected with a trojan, which led to a ban on their Fortnite account. Another on Jan. 30 said hackers first compromised their email account, which led to them losing their Epic Games account—one which contained “years upon years” worth of games and models worth thousands of dollars.
“As organizations have done a better job, protecting systems, protecting data protecting devices—[hackers] look for the weakest link, and oftentimes that can be a gamer,” Theresa Payton, the first woman to serve as White House chief information officer—and a mother of three Gen Z gamers—told IT Brew.
In 2022, the gaming industry was the primary target of distributed denial-of-service (DDoS) attacks—targeted nearly twice as much as the more high-profile financial sector—according to Akamai’s “State of the Internet” report on the gaming industry.
Payton—who now serves as the CEO and chief advisor at Fortalice Solutions, a Charlotte-based company that provides consulting services relating to cybersecurity, fraud, and risk, said these attacks can come from any region.
“Gaming is being played as a collegiate sport now, so [hackers] know that they can attack, and there will be some type of a payout. Sometimes it’s financial. Sometimes it’s identity theft. And in other cases, that is just an entry point into a bigger target, which could be the business.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Rush hour. Hackers targeting gamers will often look at upcoming releases when timing their schemes, Payton said, also noting that these groups have also been known to hide Trojans in cheat code downloads.
“If anybody says, ‘Turn off antivirus,’ ‘Turn off your two-factor authentication,’ or they say, ‘Give me your code—I can authenticate you.’ That is a red flag. That is not how two-factor authentication works.” Users should also be wary of fake downloads and sites, with Payton adding that “phishing sites are targeting all the hot games.”
Strategy. “I would say for the more sophisticated—the adults and the hardcore gamers—they are now receiving very targeted social engineering, where people are impersonating high-level gamers, influencers, bloggers, to try and strike up a relationship with the better gamers who have maybe a national or regional ranking and offering fraudulent prizes.”
“Cybercriminals are also finding ways to get into game stores, and when they do, they’re stealing credentials, payment details, user accounts—and then they turn around, and it looks like a legitimate user account so they do this account takeover and then they reach out to other users.”
Payton recommends gamers find a solid antivirus software that’s compatible with their systems. “Not all of them are super compatible with gaming platforms,” she said. “Find the right one that works with your configuration.”
She also recommends gamers keep everything up to date, including web browsers. “Power everything down. Boot it back up. Make sure you’re on the latest and greatest before you get involved in gaming for the day.”