In January 2015, media reported that a plain text file containing over 1,800 Minecraft account usernames and passwords were leaked online (The Hacker News, 2015). Even though the 1,800 leaked account usernames and passwords are just a fraction of the Minecraft user database, this hacking could have huge implications. With these credentials, hackers can log in to the accounts and own it. Microsoft, who acquired Mojang, the creator of Minecraft, took appropriate steps to secure the breach.
So why is this so important? Well, we need to get a grasp of how important these online games, like Minecraft and World of Warcraft are. For example, World of Warcraft had around 5.5 million users in 2015, and just like any other massively multiplayer online game, it features a virtual in-game economy where plays can earn, pick up or purchase virtual items (Statista, n.d.; Trend Micro, 2015). If hacker find a way to enter the user database to gain the credentials of a fraction of users, they can take these items or even the entire account. The online gaming world is filled with reports of missing (stolen) in-game items, accounts, or characters that are held hostage for ransom. This may seem pitiful for non-gamers, it has serious implications for players who invested tons of in-game hours and real money to acquire these items. But it’s not all about money, accounts also contain personal information, like real names, addresses, email addresses, and even credit card accounts. In the end, this information is more valuable than in-game items.
So how can this be prevented? Since it can not be expected of companies to have a complete protection against intruders, because companies tend to not know if there is a breach only to find there is one when hackers entered the database. My best guess is to not always enter your real information, even though this is required. Make up a fake name and fake address to ensure the information that has been stolen is worthless. Also, if you are not planning to buy in-game items, why should you link your credit card to your account? I would like to hear your thoughts about this subject!
References:
Statista. (2015). Number of World of Warcraft (WoW) subscribers from 2015 to 2023 (in millions). [Online] https://www.statista.com/statistics/276601/number-of-world-of-warcraft-subscribers-by-quarter/. (Accesse
d 17th October 2018)
The Hacker News. (2015). Minecraft hacked! More than 1800 Minecraft account Credentials Leaked. [Online] Available at https://thehackernews.com/2015/01/minecraft-game-hacked.html. (Accessed 17th October 2018)
Trend Micro. (2015). Data Privacy and Online Gaming: Why Gamers Make for Ideal Targets. [Online] Available at https://www.trendmicro.com/vinfo/de/security/news/online-privacy/data-privacy-and-online-gaming-why-gamers-make-for-ideal-targets. (Accessed 17th October 2018)
Hi Sander,
Interesting article! I am not a gamer myself, but I know that the E-sport industry is growing. So, it is important that our personal data is secured, which is by the way not only limited to this industry. What I first thought of was ‘blockchain’ for this problem. Gamers can use them for various reasons, like decentralizing asset exchanges, to verify the scarcity of virtual items. It would also allow a fast and secure payment network and allow developers to properly monetize their creation. Apparently there are already games out there, such as Cryptokitties, which are actually build on blockchains. It is very interesting in my opinion, because it explores the concept of ‘digital scarcity’. It is a service to buy, breed and sell digital cats on the blockchain. These Cryptokitties are similar to real-world collectables like Pokémon cards or Beanie Babies, but unlike those, you can breed them. That part of the code is still secret, but fans have spent a lot of money ($23 million) to breed cryptokitties to get certain attributes that will make their cryptokitties more valuable. You should check it out!
Dear Sander,
Thanks for your contribution! The problem you are describing seems, to me, one of the biggest privacy challenges we face in the next ten years.
In my last blog I talked about privacy and permanent data as well; in my opinion data entered to the internet will (potentially) be permanent; the internet never forgets. This is not a problem in itself but because of advancements of malicious technology this data will eventually become public knowledge and thus can be used for ill intent.
My proposed solution was to take another look at our “personal data” itself; what do we deem personal data, what can be achieved by having that data, and with whom do we share which data?
For example, in the Netherlands the social security number was originally intended to be solely used a secure, trustworthy way for the state to identify its subject. It didn’t take long before hotels, creditcard companies and car rental companies requested this social security number as well and without much hesitation people simply shared this data. We started sharing “secret” data with companies that had no right to request this data.
Fast forward to 2018; some people have Bitcoin and their “private key”, which gives the person who has knowledge of this key full control over their assets. No one in their right mind would share this key with a company. In my opinion we should reevaluate all our other personal data as well.
Can I have your private key?
Kind regards,
Willem
Interesting to see how things have changed when looking back to 10-15 years ago. I distinctly remember my father telling me to never trust anyone on the Internet and to never under any circumstance post my address, bank account or phone number anywhere. Now this is the most natural thing in the world, just posting your real information on any service you use on the internet. Spotify wants your address, but for what reason? People are generally unaware of the security on certain websites too; browsing this website it states: “Not secure” next to the address bar.
I’m always glad that credit cards are not really a thing in The Netherlands. Feels much safer to not have one, than to have the fear of my credit card details leaking out. I agree that it could be beneficial to not share address and other personal details on every service you use.
Also to see whether your e-mailaddress has been compromised, check “haveibeenpwned” (not sure if links are allowed in comments by WordPress; just Google it).