How Are Video Game Accounts Hacked & What Can You Do To Protect Yourself?

Matt Smith 12-06-2012

Game accounts have been the targets of hackers for years, but as more games go online or require account verification the stakes are only rising. Having your account hacked could mean hours of lost work and hours more spent on the phone with the game’s tech support.


So how are game accounts hacked, and what can you do to stop yours from being a target?

An Old Hat – Guessing Passwords


I’ve written a fair number of security articles on MakeUseOf, and although they often have different topics there are some basic tidbits of wisdom that remain the same. Use complex passwords. Change them occasionally. Don’t disclose them to anyone.

It’s no different with games. Although most people play games just for entertainment, hackers go after game accounts for the same reason they go after any other – profit. In-game items and/or digital game copies are worth real money.  In some games, items can be converted to in-game currency that can be re-sold to other players on the black market.

Telling ourselves that hackers are entering systems via complex methods that we can’t possibly detect or avoid is comforting. But in truth, hackers often use simple methods that arguably aren’t even hacking. Why? Because they work. Security studies have shown that about 30% of people use passwords with just six alphanumeric characters and a significant number of people still use strings of characters like “123456” or even “password” as their password. There’s no need for any hacking to take place when so many users have such lax security.


Gamers would often like to think they’re above such tomfoolery, but we have no reason to suspect that’s the case. We are simply consumers of a specific form of entertainment. If you are currently using a simple password, change it now. And if you’re not sure about the strength of the password you’ve chosen, have a look at our round-up of password strength tools (Put Your Passwords Through The Crack Test With These Five Password Strength Tools).

Another Old Hat –  Keyloggers & Phishing


Even if you have a secure password you can still have an account compromised if someone else discovers what the password is. Sometimes this occurs because a friend manages to obtain or guess another person’s password, in which case you’ll probably wake up with all your gear dyed pink. For the most part, however, such problems come from keylogging or phishing.

Keyloggers are common. They’re not hard to implement or to send into the wild. Gamers are just as vulnerable as anyone. Perhaps more so – we often download patches, mods and add-ons to games. World of Warcraft has been struck by keyloggers built in to fake game add-ons, for example.


The large number of accounts we have with different game companies and websites also makes us prime targets for phishing attacks. Did you register for that Star Wars: The Old Republic website? Hmmm. That would have been a few months ago. It’s hard to remember.

We’ve already covered methods of protection before, so instead of going over it again, I’ll direct you to our articles about combating keyloggers (5 Ways to Protect Yourself Against Keyloggers) and identifying phishing attacks (What Exactly Is Phishing & What Techniques Are Scammers Using?).

Brute Force


Most people who are compromised swear up and down that their passwords are secure and they couldn’t possibly be the victim of a keylogger. It’s quite strange. When it comes to gaming, the people who are the smartest about their security are the most likely to be hacked.


That was sarcasm. Still, it’s worth talking about brute force, a tactic that is commonly thought to be the culprit and may in some cases actually be the problem. A brute force attack is an attempt to crack a password by using a library of random passwords as quickly as possible. Eventually, one will work.

This sounds like a probable culprit, but it’s not. Most games have lock-out mechanisms that will prevent additional logins after a certain number of tries. In addition, brute force attacks are usually not effective against complex login servers because of the time required to log in. Even a correct password will take a few seconds to verify.

That’s not a lot, but it becomes an issue when a hacker is trying to crack an account using a library of hundreds of thousands or even millions of passwords. That small delay can translate to days, weeks or years of additional time.

Hackers can get around this by using relatively small libraries that contain only extremely common passwords. But this just leads us back to proper password security. Brute force attacks can be an issue, but the methods of protection outlined above will work against this attack as well.
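A small model of the lock-out and verification delay described above, added here as an illustration and not taken from any game's login server. The policy values (5 failures, a 15-minute lock-out, 2 seconds per check) and all names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LoginThrottle:
    max_failures: int = 5          # failed tries allowed before lock-out (assumed)
    lockout_seconds: int = 900     # length of the lock-out (assumed)
    verify_seconds: float = 2.0    # server time per attempt ("a few seconds")
    failures: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def attempt(self, account: str, ok: bool, now: float) -> str:
        """Record one login attempt; `ok` says whether the password matched."""
        if now < self.locked_until.get(account, 0):
            return "locked"        # even a correct password is refused for now
        if ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = now + self.lockout_seconds
            self.failures[account] = 0
            return "locked_out"
        return "failed"

def seconds_to_exhaust(guesses: int, throttle: LoginThrottle) -> float:
    """Wall-clock time for `guesses` wrong passwords against a single account."""
    now = 0.0
    for _ in range(guesses):
        now = max(now, throttle.locked_until.get("acct", 0))  # wait out a lock-out
        now += throttle.verify_seconds                         # server-side check
        throttle.attempt("acct", ok=False, now=now)
    return now

if __name__ == "__main__":
    size = 100_000                                             # constructed list size
    delay_only = seconds_to_exhaust(size, LoginThrottle(max_failures=10**9))
    with_lockout = seconds_to_exhaust(size, LoginThrottle())
    print(f"delay only:   {delay_only / 86400:.1f} days")
    print(f"with lockout: {with_lockout / 86400:.1f} days")
```

The same lock-out also refuses the real owner until it expires, which is why the article's advice still comes back to choosing a password that is not on a short list of common ones.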


Authentication Phishing Attacks


Some companies, most famously Blizzard, have started to use authenticators with their games. These devices work by generating a code based on a pre-defined encryption algorithm owned by the company. Each authenticator will generate certain codes at certain times, but the codes can only be guessed if you have your hands on the algorithm. Which no one besides the company has (in theory).

But this can still be subject to phishing attacks. A fake website can ask for an authenticator code just like any other. These codes are only valid for an extremely short period of time – usually a few minutes – but that can be enough time for a hacker monitoring incoming information to log in, at which point the hacker can change account passwords, strip gold and items, and so on.

The basics of protecting against this are the same as protecting against any phishing attack. Do not assume a source that is asking for your authentication code is legitimate. Ask yourself – how did I get here? Does this page look different from normal? What’s the URL? If there’s any doubt, leave the site immediately.

Are There “Real” Hacks?

Yes. Absolutely. There are methods of hacking that can compromise numerous accounts. The PlayStation Network is the most famous case of wide-spread infiltration by hackers, but even companies like Valve and Trion have had smaller, less serious security issues.

There’s also always the possibility of a man-in-the-middle attack or a local wireless network being compromised. Such things do happen.

But they are also rare because they’re not easy. The PlayStation Network hack (see The Sony Playstation Network Hack [Infographic]) was exceptional because of its duration, apparent ease and severity. Sony did not take the proper security measures. Most hacks of other game company servers have caused minimal damage because the companies detected the attacks relatively quickly, took the right steps to limit the problem and encrypted valuable user data.


The chance that you’ll be hacked via a “real” hack is small. Organizations that consistently compromise game accounts are in it for the money, and the best way to make money is to use the simplest methods possible. There is no need to hack game company servers when a non-trivial portion of any game’s user base uses six-digit passwords and is vulnerable to keylogger infection.

Protection is simple as a result. Use strong passwords. Use an anti-virus and firewall. Use best practices for safe computer use. And, yes, use an additional authentication method if one is provided by the game’s developer.

Image Credit: Coconinoco


  1. syed shaik
    April 12, 2016 at 4:29 am

    Is it easy to protect our online account while playing a game??

  2. Brad Haccer
    October 9, 2012 at 11:23 pm

    contact bradhaccer at aol dot com for your hacking problems

  3. Krzysztof Buzko
    June 13, 2012 at 10:46 am

    Thanks for this article, it's a fact that most people use easy-to-remember passwords. I was doing the same some time ago. But my Facebook account was hacked (don't know by what method). I got a bill for advertisement and some other things. It took me a long time to resolve this matter with Facebook customer service. From that moment I'm always using more complex passwords, and always check if the website I am giving my password to is the website I wanted to go to. Man is always smart after a loss.

    • Matt Smith
      June 17, 2012 at 2:48 am

      A lot of people wait until there is a problem to fix it. Don't let it happen to you!

      • lololol
        August 9, 2012 at 3:12 pm

        Well, I have been hacked once in this online game. I am scared because I used my real email.

  4. Terafall
    June 13, 2012 at 9:00 am

    Then, how can we identify when a cheat, mod, etc. we download has a keylogger?

    • Pavel
      June 13, 2012 at 9:31 am

      Eh, well there are a few 'trusted' cheat publishers like h4xor (and his SI cheats site), but the odds are that someone will just download a trainer for a game, bind it with their dropper, and it will be executed with the trusted trainer (assuming you downloaded the binded file from some dodgy site).

      I never fully trust anything in that grey area (be it anything from cheats/trainers, to pro RATs etc), and so I run everything in Sandbox, to see everything that launches when I open a file.
      Case in point: I was recently testing a crypter someone posted on Hack Forums, and after opening in Sandbox, I could see three applications running. After closing the crypter, the two other 'hidden' applications were still running, and demanding access to random parts of my system. Clearly, the crypter was infected. I even managed to trace the DynDNS they used for their keylogger to communicate with them, and got their IP perma-banned.

      Few notes that I should mention. If you scan a trainer using an antivirus, there is a high possibility it will detect it as a virus. This is because most trainers inject little pieces of code into the memory when your game is running, in order to change its properties and therefore cheat. Don't trust your AV, trust Sandbox ^^
      Also, quite a few modern viruses have protection against being run in Sandbox. Therefore, if nothing loads in Sandbox, don't trust it.

      Lastly, don't cheat. It just takes all the fun away.

      • Matt Smith
        June 17, 2012 at 2:47 am

        This is good advice. Trainers are well known for tripping up anti-viruses and I think some gamers decide just to not really scan them as a result. Which is, uh, unwise.

      • syed shaik
        April 12, 2016 at 4:33 am

        Yup, it's good advice bro and I got useful information from this blog....!!!

  5. GamerJunkdotNet
    June 12, 2012 at 5:02 pm

    Another way people are hacked is when they download "cheats" for games which are really just broken programs that they log into which steal their passwords.

    • Pavel
      June 12, 2012 at 7:58 pm

      ...which, as Matt mentioned in his article, would in fact be a keylogger.

      There aren't many ways to cheat in games revolving around the MMO/MOBA genre anyway (unless we're talking about World of Warcraft, a 10-year old could cheat there), and the odds of an actual cheat coming out to the rest of the internet is more than unlikely - gaming hackers keep their cheats very private, to keep it undetected for as long as they can.

      By the way Matt, wouldn't guessing passwords and bruteforcing be essentially the same?
      I would imagine bruteforcing to only define the act of automating the input of random passwords on random accounts - contrary to guessing passwords, which true hackers would only do if they felt very confident about their knowledge of the account owner (mainly their behaviour on the internet).

      Also, I've received a slightly disturbing e-mail from Riot Games three days ago - might want to include it in your articles next time you point out poor security ^^
      [Broken URL Removed]

    • Tanguy Djokovic
      June 12, 2012 at 10:33 pm

      yeah people must be careful and always display the extension of a file, some pirate will name their file "something.jpg" while it actually is "something.jpg[.exe]" but the .exe is not shown. So always display the full extension even if it's a bit ugly

  6. Dany Bouffard
    June 12, 2012 at 4:52 pm

    Also, something to remember when receiving email from a game company is that they will never actually ask for the password for your gaming account. Never ever give your password to anyone.