Recently, the world’s largest fast food chain, McDonald’s, issued a formal statement that claimed its promotions database had been hacked. Because of this breach, millions of its customer’s personal data had been compromised. The stolen data could make those customers susceptible to identity theft through phishing attacks. The source of the problem was McDonald’s popular Monopoly game in which customers could win cash prizes up to $1 million.
The stolen information did not contain Social Security numbers or sensitive financial information. However, it did contain home addresses, email addresses and similar data. It was noted that many players give false ID information in various company promotions. However, the McDonald’s Monopoly game is one of the most popular promotional games in the U.S. This meant that thousands of players provided accurate telephone and email contact information for a chance at winning the game.
McDonald’s has claimed that the breach came from another company that was charged with managing their promotional files, which included their Monopoly gaming information.
Another extremely popular form of gaming involves broadband Internet connections and newer technologies. In our society’s more sophisticated computer gaming world large amounts of money and time are invested. This extensive field of online activity has created a tempting opportunity for cyber criminal activity. The generalized risks of online gaming can be broken down into the following categories:
• Risks from malware infection (Trojans, spyware, keyloggers, etc.)
• Predators (online and in the “real world”)
• Security attacks from outside intruders looking for vulnerabilities
• Social interaction risks that involve revealing sensitive information
There are many choices when it comes to online gaming. One of the most popular is known as the “Massive Multiplayer Online Role Playing Game” (MMO or MMORPG). With this type of game, an online persona is created for playing in virtual community adventures. However, as with any virtual environment involving social interaction, there can be occasional crossover into the real world.
An example of this can be seen in virtual game items that are sold for actual cash on Ebay. Some games will witness players using real money in order to purchase virtual personal property. These practices can lend themselves to criminal activity opportunities known as “virtual crimes”. The purpose of a virtual crime is to secure credit card data and other personal information.
Online gaming can leave one exposed to several risks that are technology-based. The greatest risk is associated with the social networks that are attached to online games. These networks can rely on email, chat and voice communication to lure unsuspecting players to bogus websites or open infected email attachments. These websites and emails can contain the malware that will take over control of the compromised PC. This infection can then spread to other computers within the gaming network.
The game servers, themselves, are also at risk for infection. In one recent case, two MMO games “Anarchy Online” and “The Age of Conan” presented security issues. In these games, it was possible to exploit code that would allow a hacker to read other gamers’ computer files. This would then allow the hacker to crash the game in the middle of online play. However, in the case of “Anarchy Online”, full control of other gamers’ computers was possible. Later, software patches were issued to address the vulnerabilities. In general, computer servers that run gaming applications are always at risk if security protection isn’t sufficient to repel an attack.
A protocol is used for communicating information between computers. But the game protocols, themselves, may not be as secure as other commercial software protocols. This is because a game protocol may not receive the same level of scrutiny as, for example, a business application. This is a major reason why games can, in many cases, exhibit “bugs” when installed on different types of computers. In addition to introducing buggy behavior, unexpected vulnerabilities may also be introduced to a gamers’ PC.
If a gamer is not careful when creating an online gaming profile, sensitive personal information can be obtained by malicious individuals. Other accounts can be set up in their name and their current financial accounts may be accessed. An example of this occurred in 2016 when over 220,000 South Koreans were victimized through connections with a web-based game named “Lineage”. Those involved noticed the problem when they observed that unauthorized accounts, in their names, were being set up for the game. It was speculated that there was Chinese involvement in the ID theft in order to create virtual abilities and weapons that could be sold online for cash.
Good gaming security is necessary when participating in online games. This can include:
• The use of updated antispyware and antivirus programs
• Using caution when opening emails
• The verification of the security and authenticity of downloaded files
• The use of a firewall
• Using strong passwords
• Updating your software with the latest patches