Gaming Security

Why Gaming Network Hacks Prove The Need for Two Factor Authentication

Christian Cawley 09-09-2015

If you’ve been wondering why you can’t sign into your gaming network, it might be because the service has been hacked. This is something that has happened all too often in recent years, and it continues to happen on a massive scale and in individual cases.


Avoidance is best achieved through vigilance (which might mean regularly changing your password and employing two-factor authentication where possible), but to give you an idea of the scale of the problem, here’s a rundown of five gaming network hacks in recent years.

Sony PlayStation Network

In April 2011, the Sony PlayStation Network was breached, with the hack (which affected PSN, Qriocity, now Music Unlimited, and the Sony Online Entertainment SOE subscription service) resulting in the data of as many as 77 million people being stolen.

According to Sony, a variety of personal data types were accessed, such as name and address, PSN login details, email address, DOB and even credit card details. While the latter were encrypted, the strength of the encryption has been in doubt ever since.

As a result of the breach, which Sony took responsibility for and worked to improve their security, Sony gave customers digital goods as part of a $15 million settlement in response to a class-action lawsuit. Having your PlayStation account hacked is no fun Think Twice about Buying a PlayStation: How Getting Hacked Made My PSN Content Useless My story begins sometime around the American launch of the PlayStation 4. I hadn’t turned my PlayStation on for about a week having been bowled over in work - I needed a break. I’d bought... Read More , as our own James Bruce discovered.

Since then, Sony’s online security has improved. Apart from 2014’s North Korea-blamed attack on Sony Pictures 2014's Final Controversy: Sony Hack, The Interview & North Korea Did North Korea really hack Sony Pictures? Where is the evidence? Did anyone else stand to gain from the attack, and how did the incident get spun into promotion for a movie? Read More , of course.


The Ghost of Christmas Hacks

Back in December 2014, while the world was shaking its head over the reactionary response to the Sony Pictures hack, an Anonymous-affiliated group called Lizard Squad 4 Top Hacker Groups And What They Want It's easy to think of hacker groups as some kind of romantic back-room revolutionaries. But who are they really? What do they stand for, and what attacks have they conducted in the past? Read More targeted Amazon, Ubisoft, Hulu, Microsoft’s Xbox Live system, PSN, and online gaming site among others.

The resulting attack knocked Xbox Live and PSN offline over Christmas Running Linux In A Chromebook Window, Xbox Hackers Offer DDoS Attacks [Tech News Digest] Also, the Xbox One SDK leaks online, the most pirated movies of 2014, Nuclear Throne freebies, and a look back at 2014 in GIFs. Read More . For those with new hardware from Santa Claus, this was a disaster. Later, Lizard Squad leaked a relatively modest 13,000 accounts.

Appearing on the BBC’s Radio 5 Live, two men claiming to be from Lizard Squad said that they had been acting in the “public good”:


“[We did it] largely to raise awareness regarding these issues. …We are also doing it to amuse ourselves but there is definitely the aspect of the public good involved.”

There’s nothing better than screwing people over in the name of the public good at that time of year that promotes peace and goodwill to all men, is there?

Hacking Boiled Water Vapor

PC uses chortling away to themselves over the ineptitude of the PSN and Xbox Live might do well to remember that various desktop-based game distribution and achievement recording services have been hacked over the years.

Most memorable is Steam, which in mid-2015 was the subject of a bug in the forgotten password retrieval system which attackers could use to hack user credentials. Embarrassingly, the retrieval tool could be used without all of the supposedly required information being entered, as depicted here.

Valve soon confirmed the bug, which existed from 21-25 July, and enforced a password change on all accounts that had reset their passwords during this time. Additionally, the affected accounts were locked down for five days.


Ubisoft UPlay

Possibly the most unpopular video game publisher in the world, Ubisoft was hit by a major breach in 2013, affecting the Uplay servers – those ones that insist on being contacted by your games in order to authenticate the aggressive DRM system.

(How anyone could have an axe to grind against Ubisoft continues to baffle me, but there you go…)

In a statement, the French company advised:

“We are recommending you to change your password. Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.”

Names, email addresses and encrypted passwords were stolen in the hack, although Ubisoft insists that financial data is (rightfully) stored separately. Prior to the hack, user accounts were already targeted by hackers, so none of this came as a huge surprise.


It’s just a shame Ubisoft didn’t spend as much time and money protecting the data of its paying customers as it did imposing DRM Ubisoft DRM Monitors Hardware, Locks After Three Activations [News] There are few companies easier to bash than Ubisoft when it comes to copy protection. The company has long used an activation scheme on most of its games that ties activation to your computer’s hardware... Read More .

GOG Credentials Hacked

Fans of retro games love GOG, a digital distribution service that offers DRM-free versions of classic titles stretching back to the 1990s. But even users are subject to having their accounts hacked.


While there has been no mass hack resulting in credentials being leaked, GOG does have a bit of a poor record when it comes to responding to individual accounts that have been hacked. This isn’t a reason to avoid using the service (it’s a great way to revive old titles and guarantee they will work on your machine, particularly useful to Windows 10 users How to Play Games with SafeDisc or SecureRom DRM on Windows 10 Gamers with a penchant for retro titles have been particularly hard hit with the news that titles that employed SafeDisc and some versions of the Securerom Digital Rights Management system are not supported. Read More ), but it is worth remembering that if your account is hacked, you may have a bit of a wait for’s support people to provide a resolution.

Your Gamer Accounts Are Gold to Hackers

The lesson here, of course, is that your gaming accounts are just as important as your banking and online shopping accounts. Employing regular password changes (creating a memorable-yet-secure password How to Generate Strong Passwords That Match Your Personality Without a strong password you could quickly find yourself on the receiving end of a cyber-crime. One way to create a memorable password could be to match it to your personality. Read More isn’t as hard as you think) and two factor authentication Two-Factor Authentication Hacked: Why You Shouldn't Panic Read More wherever possible are your best options for keeping things secure at your end, but if the hack happens on the game network’s server, then you have the option of abandoning that service.

While this may mean that you can no longer play your game(s), you will have improved your security.

Is this a step you’re willing to take? What can gaming networks and digital distribution services do to improve the situation? Tell us your feelings in the comments.

Related topics: Hacking, Sony, Steam, Xbox Live.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *