Online games a 'playground' for organized crime, according to security expert

Online games are a "playground" for organized crime and cyber criminals, JD Sherry, vice president of technology and solutions at Trend Micro said following the news that League of Legends accounts were compromised.

Earlier this week, account information - usernames, email addresses, salted password hashes, and some first and last names - for some North American League of Legends players were "compromised" by hackers. Riot was also "investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed."

The increase of free-to-play online gaming across all platforms over the years "have opened the doors to micro-transactions in-game." The simple and functional systems created so players can spend money effortlessly creates "playgrounds" for cyber criminals take advantage of. Attackers can either 

"Game platforms can have millions of users all storing sensitive information or code access for more features," Sherry said. " These are highly sought after in the cyber-crime underground for trading and selling in the black market. These platforms can fall victim to cyber-attacks just like any organization, especially if they have vulnerabilities that go unpatched.

"The most recent attack against League of Legends allowed for exfiltration of sensitive gamer details and financial information," Sherry continued. "Other attacks are done in a watering hole fashion: essentially infecting all or part of a gaming platform to then ultimately distribute malware once innocent victims access the site going forward. These types of attacks have even bigger consequences to the gamers if their systems or devices become infected."

Sherry offers online players the following precautions and steps to ensure that personal information remains secure:

1. Keep your gaming PC/device current with operating system and application patches (Java, Windows, Adobe)

2. Change your passwords to your system and the online gaming community with frequency (every 3-6 months)

3. If you notice any suspicious activity, always change your password to your account immediately

4. If possible, don't store any personal sensitive data (social security number, home address, date of birth) that hackers could use for fraud

5. If you have to retain a form of payment to participate, use a credit card (not debit) and one preferably with a virtual account number

6. Run frequent security scans on your own system to ensure no malicious programs have been delivered via the game client

7. Frequent user forums to raise your awareness regarding security issues with the community

8. Use a pre-paid cash card for in-game transactions

More from Polygon

The horror of Five Nights at Freddy's

  • Dark Souls 2: Crown of the Old Iron King Overview

  • Spacecom: a fast 4X built for multiplayer

  • Pillars of Eternity builds on role-playing classics

  • Tour the 1 KB hard drive built inside Minecraft

Latest Discussions

Log In Sign Up

Log In Sign Up

Please choose a new Polygon username and password

As part of the new Polygon launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Polygon going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Polygon username and password

As part of the new Polygon launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Polygon going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.