Online games are a "playground" for organized crime and cyber criminals, JD Sherry, vice president of technology and solutions at Trend Micro said following the news that League of Legends accounts were compromised.
Earlier this week, account information — usernames, email addresses, salted password hashes, and some first and last names — for some North American League of Legends players were "compromised" by hackers. Riot was also "investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed."
The increase of free-to-play online gaming across all platforms over the years "have opened the doors to micro-transactions in-game." The simple and functional systems created so players can spend money effortlessly creates "playgrounds" for cyber criminals take advantage of.
"Game platforms can have millions of users all storing sensitive information or code access for more features," Sherry said. " These are highly sought after in the cyber-crime underground for trading and selling in the black market. These platforms can fall victim to cyber-attacks just like any organization, especially if they have vulnerabilities that go unpatched.
"The most recent attack against League of Legends allowed for exfiltration of sensitive gamer details and financial information," Sherry continued. "Other attacks are done in a watering hole fashion: essentially infecting all or part of a gaming platform to then ultimately distribute malware once innocent victims access the site going forward. These types of attacks have even bigger consequences to the gamers if their systems or devices become infected."
read full article here: