We Live Security looks at six of the biggest online gaming hacks to date – From Xbox Live and PSN, to Big Fish Games and Steam.
Online gaming systems and apps are a common target for cybercriminals looking to do everything from improving their own scores and grabbing new game features to stealing Bitcoin wallets. We now look at six of the biggest online gaming hacks to date.
1. Sony PlayStation Network
The Sony PlayStation Network was famously hacked back in April 2011, resulting not only in the compromise of up to 77 million accounts, but also downtime which prevented users of the PlayStation 3 and PlayStation Portable consoles from playing online through the service.
The attack continued for two days, eventually forcing Sony to turn off the PlayStation Network on April 20 – a downtime which lasted for 23 days. The Japanese electronics giant admitted that personally identifiable information from each of the 77 million accounts was breached, with 12,000 encrypted credit card details potentially accessed as well.
This breach remains one of the biggest in the 21st century, and has been described as the fourth biggest of all time, going by records lost. Sony said that the outage costs set the firm back a whopping $171 million.
2. Xbox Live, PlayStation Network (again)
Father Christmas may bring presents on Christmas Day, but the gifts handed out by hacktivism collective the ‘Lizard Squad’ were less well received, especially by Sony and Microsoft, on 25th December 2014.
The group launched a series of distributed-denial-of-service (DDoS) attacks against Xbox Live and the Sony PlayStation Network (PSN) on Christmas Day, bringing down both services and leaving gamers young and old twiddling their thumbs instead of their gamepads, unable to play the latest releases.
Access to PSN and Xbox Live was eventually restored between 24 and 48 hours later, but the attack was a good example of the growing skills of hacktivism groups and showed just how disruptive cyberattacks can be.
3. Steam
The online video game service Steam was the subject of a massive data breach in 2011, which resulted in attackers compromising login details for one of its discussion forums as well as a database which held ID and credit card data, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.
Fortunately, service owner Valve said that there was no evidence that credit cards had been misused or Steam accounts abused. Valve took the forums offline after learning of the attack.
The firm quickly began its own investigation and advised forum users to change their passwords, both on the forums and on any other accounts where they had used the same password as for Steam.
Steam is a gaming service that lets people buy, download, play and chat about a huge variety of games. It is used by around 35 million users worldwide.
4. Gamigo
Back in 2012, Germany-based free online gaming site Gamigo was hacked, with hackers posting as many as 11 million passwords online after they had penetrated the website’s defenses.
These passwords were published onto a forum, and contained 8.2 million unique email addresses. Gamigo warned users in early March that an “attack on the Gamigo database” had exposed hashed passwords and usernames and possibly other “additional personal data.” The site required users to change their account passwords.
The dump of passwords contained email addresses from Gmail, Yahoo, Hotmail and many other services, indicating that some Gamigo users may have used the same password for other accounts.
5. Big Fish Games
Back in February of this year, Seattle-based gaming company Big Fish Games revealed that it had suffered a data breach in which hackers made off with customer payment information.
The firm discovered the breach on January 12 and said that malware was installed on the billing and payment pages of the company’s website. Hackers subsequently intercepted customer data including names, addresses, payment card numbers, expiration dates and CVV2 codes.
Big Fish Games stressed that only customers who had entered new payment information on the company’s website between 24 December 2014 and January 8, 2015 may be affected. Those who used payment information from a previously saved profile don’t appear to be impacted – and the same applied to customers buying games on Facebook, iOS or Android.
Founded in 2002, Big Fish claims to be the world’s largest producer and distributor of casual games. The company says it has distributed more than 2.5 billion games to customers in over 150 countries.
6. Various (South Korea)
In August of last year, South Korean authorities confirmed that 27 million individuals in the country had been hit by a massive data breach – a figure which means nearly 70 percent of the population between 15 and 65 years of age were affected, according to Tech Worm.
The breach came to light after law enforcement arrested 16 individuals who were suspected either of carrying out the attack itself, or of trying to sell the records on.
One criminal, known only as “Kim”, was apparently attempting to sell over 220 million items of personal information after allegedly buying these details from a hacker.
The police suspected that “Kim” used the personal information to steal online game currency by using a hacking tool. This tool logs onto a user’s account once the log-in details are entered. If the passwords were wrong, he allegedly bought the personal information on ID cards and their issue dates from a retailer in Daegu, to change the passwords himself.
The data, which included account logins and registration numbers, was stolen after attackers hacked registration pages for online games, movie ticketing and ringtone downloads. Online gambling promotion services were also affected, reported Korea’s Joongang Daily at the time.