Pinterest Stumbleupon Whatsapp
Ads by Google

Without looking at statistics, doesn’t it feel as if the world of online gaming is as strong as it’s ever been? The mobile gaming scene has exploded, and it seems like hundreds of new games for the iOS and Android platforms are being rolled out every week. Nonetheless, the force is still strong with PC!

We’re getting to a point where gaming is a business for both developers and the players themselves. People make money by streaming themselves playing games. Players can now “go pro” in the most popular games and literally sign contracts that will qualify them for a salary on a professional team. Games like Diablo III have changed the face of online gaming completely by offering features like the real-money auction house Blizzard Launches Diablo III Real Money Auction House [Updates] Blizzard Launches Diablo III Real Money Auction House [Updates] Diablo III’s promised “real money” auction house has just launched. As its name implies, the real money auction house (RMAH) lets players purchase items for real cash. The currencies currently supported include the U.S. dollar,... Read More . Losing access to an account for an online game in 2013 isn’t quite what it was back in 2003. We are invested in our games. So what is up with the slack security?

Looking at Blizzard

Although Blizzard may be the one of the most recognized brands in PC gaming, their security woes are getting out of hand.

World of Warcraft

Some millions of people play Blizzard games, including World of Warcraft, StarCraft II, and Diablo III. So, what is their excuse for the constant security breaches?

Battle.net, which operates as the backend and account management interface of Blizzard, has been constantly targeted (rather successfully) by hackers. Battle.net accounts are literally being stolen every day. But how? Being savvy in this area of discussion, maybe they don’t use a CAPTCHA on their login and hackers are able to essentially “crack” accounts through brute-force attempts? Of course not. Blizzard is beyond that, and even offers a mobile or physical keyphrase authenticator to act as a second password and ensure that your account is protected at the login stage.

Ads by Google

It’s certainly not that all of these users are infected with some sort of trojan or malware that is compromising their accounts. Is it some security vulnerability in their server infrastructure? What is it?

I’ve not played World of Warcraft 4 Reasons Why Mists Of Pandaria Makes WOW Worth Going Back To [MUO Gaming] 4 Reasons Why Mists Of Pandaria Makes WOW Worth Going Back To [MUO Gaming] The latest World of Warcraft expansion has been on the market for a couple weeks, and I have been able to spend far too many hours playing it. I started playing WOW again a few... Read More , or any Blizzard game, for months, but I recently received the (shortened) email shown above. My assumption has to be that my account is being closed because it was compromised and then used and abused by one of these gold-farming mafias or other exploitative groups. How though? Well, check on Google for any search term similar to “Blizzard account stolen” or “Blizzard security breach” and it’s not much of a mystery.

WoW Accounts

This is a plague that has infected World of Warcraft even worse than the Corrupted Blood incident. The thing is, my account is currently being “protected” by Blizzard’s mobile authenticator. There is some very deep problem with Battle.net that Blizzard must explain. They’ve been hit with countless lawsuits due to these breaches of data, and it’s getting to a point where the company just looks plain negligent and irresponsible.

At this point, I can’t do anything else but assume that there has been some exploit that exists in Battle.net for years that has constantly allowed hackers to compromise accounts, basically at will. It’s really unacceptable, and something needs to be done.

Phishing on RuneScape

No, not fishing, the less-than-fun gathering skill on Jagex’s all-star online game. Phishing, the act of tricking a user into clicking a malicious link and then entering sensitive data for a hacker to take advantage of.

If you have an older RuneScape account, I bet you’ve received at least one of these emails. As you can see, it’s so routine for me that I don’t even read half of them anymore. Maybe I am accidentally clicking them. Surprisingly enough, this is yet another issue that exists for Blizzard, but we’ll let them off the hook for now.

These emails basically accuse you of trading items for real money, which is against RuneScape’s terms. Your first thought must be, “Hey, I’ve never done that! My account must be hacked!” Conveniently for you, “Jagex” offers you a link where you can appeal this case and claim your account was compromised:

The link, in text, looks trustworthy. However, it’s just a masked hyperlink. Hover that URL and look at your status bar very carefully and you will see the difference:

Okay, so all we’ve proven is that RuneScape players are often targeted by phishing scams. How is Jagex to blame for this? Well, how are our email addresses getting out? How do these people know we have a RuneScape account? Could it be because there have been security breaches at Jagex that have made our personal account information available to these people? It seems likely.

While Jagex can’t really do anything in response to past breaches and people having access to older lists of information, they can improve their security today. If Jagex cleans up their act and does their job, no one who is new to the game today will have to worry about encountering these deceptive emails.

Even Steam?

Gabe Newell’s army is strong, so let’s tread this one very carefully. Could there be some security concerns within everyone’s favorite digital distribution client?

In the video of above, we have Kripparrian. I’ve talked about Kripparrian before, and those of you who follow games like World of Warcraft, the entire Diablo series, Path of Exile Path Of Exile Is A Free & Addictive Alternative To Diablo III [MUO Gaming] Path Of Exile Is A Free & Addictive Alternative To Diablo III [MUO Gaming] Despite breaking the single-day record for sales of a PC game, at 3.5 million, I feel as if Diablo III has turned out to be a bit of a flop. The game had a rocky... Read More , and Neverwinter may have heard of him. Coincidentally enough, Kripparrian has achieved superstar status in the PC gaming community as being this guy who finds clever ways to basically exploit the economy and other gameplay elements of MMORPGs and MOBAs.

Strangely, as he is such a gamer, Kripparrian seems to have not downloaded Steam 8 Things You Didn't Know About Steam 8 Things You Didn't Know About Steam Steam started out as an annoying program that came with Half-Life 2, but it’s grown into the PC game store of choice for most PC gamers. Although some people aren’t fans and prefer alternative stores,... Read More until March of this year. This video is a bit of a rant about Steam’s security during the registration process, but Kripp prefers… Blizzard games. Interesting.

To summarize his situation, he was streaming to an audience of a few thousand people while registering a Steam account. After his registration was complete, Steam asked him to verify his account credentials and showed his username and password in plaintext. While I don’t think it’s a good practice to ever do that, we have to consider two things:

  1. I don’t think anyone should be registering an account for anything in front of anyone, especially not to a stream of thousands of people.
  2. The security concerns that this does bring upon the user can be quickly taken care of.

Later on during this night of streaming, Kripp was under the impression that, just by revealing his Steam username, he was being hit with a DDoS attack. Later, he learns that this wasn’t what had actually happened, and it was more at fault of the way Steam manages your bandwidth when downloading a game.

It’s an issue that even I’ve had, but it is fixed by limiting the amount of bandwidth that you allow your Steam client to use.

Being the giant that Steam is, security over at Valve isn’t all that bad. There are maybe a few blemishes, but I really believe that they’re willing to do whatever is possible to protect the security of their customers and please gamers everywhere. Sometimes we nitpick, and other times we have severe problems. You won’t find an alternative better than Steam The 3 Best Alternatives to Steam for Downloading Games The 3 Best Alternatives to Steam for Downloading Games For PC gamers, Steam’s digital download service has insane deals, offers excellent customer support, an easy-to-use interface, and provides a wonderful selection of games. There is very little to find fault with. With that said,... Read More , but certain situations should still be addressed.

What about you?

Do you have any security horror stories in the realm of online gaming? It happens, and I’d like to hear about it. If not, you’d be surprised at what it does to a gamer! Having an account compromised and picked apart that belonged to one of my favorite games ever was one of the worst hacking incidents that I’ve experienced, and thinking about it today still has me a little upset over it. It’s not cool.

Let me know what you think about the state of security in online gaming in the comments below!

  1. Keith
    July 26, 2013 at 6:21 am

    Awesome insight here! I have to agree with Lisa O though, Most of the gaming I do online nowadays is gambling and thats where security is even more relavant. These are some suggestions I found that I always keep to heart when playing online.... Most of them still apply. And tyhe old adage of prevention is better than cure also applies here http://www.pokerlistings.com/the-basics-of-online-account-security-infographic

  2. Lisa O
    July 26, 2013 at 3:50 am

    Well. personally I think this article is a bit one-sided to Steam. Compared to the mostly neutral tone in 'Blizzard', Steam's part of the article has defensive tone.Disclaimer: I don't play any games from Steam and Blizzard
    That aside, the issue you proposes is real and deserves more recognition. Both companies are already infamous but I judging from the news, I don't see them changing their ways.
    Thankfully I've never experienced such horror stories, but I've seen a lot of people lost their prized characters. Mostly those who are gullible enough to believe random shout on public chatbox ingame about 'free cash items in this website!' and such. This is caused by the gamers themselves, unlike problems mentioned above.
    When it's the service that uses insecure practices, we sadly can't do anything (you even had authentication factor) so the best course of action to me is to stop playing games from said company until the issues are resolved. Parting with our character might be harsh, but it's better than having to deal with hacked accounts again and again.

Leave a Reply

Your email address will not be published. Required fields are marked *