Online games are a "playground" for organized crime and cyber criminals, JD Sherry, vice president of technology and solutions at Trend Micro said following the news that League of Legends accounts were compromised.
Earlier this week, account information - usernames, email addresses, salted password hashes, and some first and last names - for some North American League of Legends players were "compromised" by hackers. Riot was also "investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed."
The increase of free-to-play online gaming across all platforms over the years "have opened the doors to micro-transactions in-game." The simple and functional systems created so players can spend money effortlessly creates "playgrounds" for cyber criminals take advantage of. Attackers can either
"Game platforms can have millions of users all storing sensitive information or code access for more features," Sherry said. " These are highly sought after in the cyber-crime underground for trading and selling in the black market. These platforms can fall victim to cyber-attacks just like any organization, especially if they have vulnerabilities that go unpatched.
"The most recent attack against League of Legends allowed for exfiltration of sensitive gamer details and financial information," Sherry continued. "Other attacks are done in a watering hole fashion: essentially infecting all or part of a gaming platform to then ultimately distribute malware once innocent victims access the site going forward. These types of attacks have even bigger consequences to the gamers if their systems or devices become infected."
Sherry offers online players the following precautions and steps to ensure that personal information remains secure:
1. Keep your gaming PC/device current with operating system and application patches (Java, Windows, Adobe)
2. Change your passwords to your system and the online gaming community with frequency (every 3-6 months)
3. If you notice any suspicious activity, always change your password to your account immediately
4. If possible, don't store any personal sensitive data (social security number, home address, date of birth) that hackers could use for fraud
5. If you have to retain a form of payment to participate, use a credit card (not debit) and one preferably with a virtual account number
6. Run frequent security scans on your own system to ensure no malicious programs have been delivered via the game client
7. Frequent user forums to raise your awareness regarding security issues with the community
8. Use a pre-paid cash card for in-game transactions