Online gaming should be a safe and supportive community where you can let go and enjoy playing.
Unfortunately, gaming sometimes requires you to share sensitive data, like credit card information and addresses. Some resourceful hackers have managed to use their wiles to get into people’s accounts and wreak havoc. Below, check out gaming’s five biggest hacks.
1. Sony’s PlayStation Network
When: April 2011
Affected: Up to 77 million accounts; PlayStation Network down for 23 days; estimated loss of $171 million
This hack is generally viewed as the worst gaming hack ever, and has been described as the fourth biggest breach of all time, going by records lost.
Hacktivisit group Anonymous had been bombarding Playstation with DDoS attacks for weeks, in retaliation for legal action taken against one of their own hackers. On April 19, they managed to breach the PlayStation Network and gain access to an incredible amount of protected information.
Of more than 77 million accounts affected, over 12,000 had encrypted credit card numbers. Hackers gained access to full names, passwords, e-mails, home addresses, purchase history, credit card numbers, and PSN/Qriocity logins and passwords.
The attack continued for two days before Sony turned off their network on April 20, an outage that lasted for nearly a month. Sony was eventually asked to testify before a congressional hearing on security and to answer questions about the breach.
Affected: Unknown number of Steam users
In 2011, attackers compromised login details for one of the discussion forums for Steam, the online video game service. They also got into a database containing ID and credit card data, passwords, game purchases, email addresses, and billing addresses.
It’s not clear who hacked the forum, though it did for a while redirect to hacking website Fkn0wned. Fkn0wned denied responsibility, though some users reported getting email spam from them after the hack.
Luckily, Valve (the owner of Steam) found no evidence that the credit cards or Steam accounts were misused. User forums and Steam service account passwords are separate, and Valve took the forums offline after learning of the attack, preventing further damage. However, if you used the Steam forums and used the same handle and passwords on other platforms, it’s a good idea to change your password.
3. Blank Media Games
When: December 2018
Affected: 7.6 million players
Video game developer Blank Media Games created a popular online browser game called Town of Salem. The game touted a user base of almost 8 million players. But in December, a hacked-database search engine called DeHashed reported a hack that in turn cascaded into further breaches — more on that in a moment.
An anonymous hacker stole the personal details of 7.6 million players, including usernames, passwords, email addresses, and IP addresses. Luckily, the breach didn’t involve any credit card details.
But it didn’t end there. An unknown person sent a copy of the stolen data to commercial data breach indexing service DeHashed. DeHashed then contacted Blank Media, and the hacked servers were soon secured. The hacker was never found.
When: January 2019 – Present?
Affected: Unknown number of Twitch users
One hack leads to another. The Town of Salem breach allowed hackers to steal some 7.8 million passwords, which had been stored using a weak scrambling algorithm.
Over the course of the next few weeks, Twitch was flooded with complaints about hacked accounts. Again and again, users said their account had been hijacked. Many of these users had used the same password for both Twitch and Town of Salem.
Twitch had no discernible system to prevent automated logins, so attackers could hack into accounts with speed. Hackers could use automated account takeovers, bots that cycle through password lists stolen from breached sites, including Town of Salem.
This could be solved by using something other than email as your login, or by implementing two-step verification, but as far as we can tell, Twitch has not taken steps to rectify this vulnerability. If you played Town of Salem, make sure you didn’t use that password for anything else!
When: January 2019
Affected: None– successfully prevented
If you are a Fortnite gamer, your account was (at some point) in danger. Security researchers found that vulnerabilities in Epic Games’ website let attackers access user accounts after users clicked a link that was sent to them. After the takeover, attackers could potentially use the accounts to purchase and gift the in-game currency V-Bucks. Hackers could have presented themselves as the victim and talked to the player’s friends.
This particular hack was discovered in November, and patched by January. But money laundering schemes and phishing scams are still a danger on Fortnite.
How can you keep safe? Never follow links you don’t recognize, and keep your password secure. And to protect yourself from DDoS attacks — when hackers target your IP address and overwhelm your server — game using a VPN. That way, no one can see your real IP address, and you can game securely.