Slashdot Mirror

← Back to Stories (view on slashdot.org)

MMORPG Developers Warned of Security Risks

Posted by ryuzaki0 on from the not-always-just-a-game dept.

phantomfive writes "According to an article on ZDNet, hackers are now targeting players of MMORPGs (mainly WOW), stealing their passwords, then selling their gold/equipment for money in the real world. Microsoft security development engineer Dave Weinstein warned developers of the new dangers their titles face at the company's annual Gamefest event." From the article: "Online game accounts are already on sale in the black market next to stolen credit card accounts, fraudulent passports, fake work papers and other illegal items gathered by identity theft. In fact, some game accounts can be worth up to $10,000. 'For a lot of the customers out there, there is more store value on their MMO characters than there is on the credit card with which they pay for the account,' said Weinstein."

9 of 91 comments (clear)

  1. Value is in the eye of the beholder by mhazen · · Score: 1, Insightful

    'For a lot of the customers out there, there is more store value on their MMO characters than there is on the credit card with which they pay for the account,'

    If that was really true, MMO's would let users pay their monthly fees with virtual gold.
    --
    Rock is dead. Long live scissors and paper!
    1. Re:Value is in the eye of the beholder by ichigo+2.0 · · Score: 4, Insightful

      If that was really true, MMO's would let users pay their monthly fees with virtual gold.

      Read the quote you copied again. Some of the customers value their MMO characters more. If a customer values rocks more than dollars, does it mean Dell will sell him an laptop for rocks? Of course not. To a MMO customer virtual gold is a limited commodity, and involves grinding and work to create. To Blizzard virtual gold has no value, as they can create it in unlimited amounts with a press of a button.

  2. Good practices by andrewman327 · · Score: 4, Insightful
    As with all of these hacks, the key is vigilence. I know that Runescape has an optional banking PIN number that has to be selected by clicking on randomly positioned numbers. I know that screengrabbers can still read it, but it is a good step. Change your password often, especially if you game from public computers. Even reputable Internet cafes can have a malicious user who installed a small hardware keylogger a few hours ago to steal passwords.


    I have read many tales on gaming forums of "I gave my password to person X for this reason and now 300 people have it." Do not give your password or other information to anyone for any reason. Report players who try to get it from you to the appropriate authority. Also avoid websites that offer training or any other gimmick that requires account info. I know that identity theft (real or virtual) is impossible to prevent 100% but common sense steps can make it much more difficult.

    --
    Information wants a fueled airplane waiting at the hangar and no one gets hurt.
  3. Write Little Say Little by FST · · Score: 2, Insightful

    The article (a whopping 300 words long) says not much more than "people are selling mmorpg accounts on the black market". How is this not obvious, let alone even slightly newsworthy even on a slow day?

    --
    46487 466780 252994 376409 96920 39622 205366 244315 622115 512361 668040 63608 259203 955314 811176 652718 166330 23922
  4. Re:That's a Lot of Cash by PFI_Optix · · Score: 5, Insightful

    I can't imagine someone paying hundreds of thousands of dollars for a single item of sports memorabilia, but it has happened. Is it really so far-fetched to suggest that there exist at least a handful of people with too much money who are willing to spend that money on having more than anyone else does on WoW?

    For that matter, given the current state of society, should we even act surprised? These are the same rich kids who spend thousands of dollars a year to have the fastest computer on the block, the latest iPod and accessories (even though four perfectly good iPods are sitting in a desk drawer somewhere), and whatever else they perceive as a must-have status symbol.

    --
    120 characters for a sig? That's bloody useless.
  5. Re:That's a Lot of Cash by Atheose · · Score: 2, Insightful

    The difference between the two is that sports memorabilia is physical--you can put it in a glass case, you can touch it. The only thing you can do with that level 60 Paladin decked out in Epic items is run through Ironforge.

  6. Typically the user's fault. by Anonymous Coward · · Score: 1, Insightful

    Most of the account stealing in question has nothing to do with security flaws within the game itself, and more to do with user stupidity.

    1. User gets themselves infected with malware. Many executables out there that claim to be "cheat" tools for the game end up simply being trojans with keyloggers designed to steal your account name and password. The solution is not to download what you think is a cheat or hacks, and to follow standard steps to prevent yourself from getting malware.

    2. Many users will use the same account name and password on game-related fansites and forums that they do for their actual game account. It has been revealed that many of the very popular WoW "fan sites" (some that allow you to log in and create a profile) are owned by IGE, partners of IGE, or similar "gold selling companies." No fansite should be accepted as trustworthy, including your guild's own forums. Users should never use the same account name and password they use for their game account for a login on a fan related site

    3. Many users have extremely weak passwords. Simple enough.

    4. Many users will flat out share their account name and password with their online friends and guildmates. Not smart at all.

  7. Re:That's a Lot of Cash by Anonymous Coward · · Score: 1, Insightful

    The vast majority of stockholders just own some bits on a broker's server somewhere, yet the public considers this as "property", and even insures the stockholder against their broker's server simply disappearing their stock.

  8. Re:That's a Lot of Cash by Anonymous Coward · · Score: 1, Insightful

    Come on people, nobody is that addicted? Who can imagine paying $10,000 for a WOW account? It's as ridiculous as the price of some of the paintings that sell at art galleries! I can't imagine a game account selling for that much.

    The account itself may not sell for $10,000, because that's a lot of money and it's something that is fairly easily traced, assuming the victim presses the issue with Blizzard. However, if you can snag the passwords for an account, it may have several well-developed characters with many highly prized assets. In that case, you can "strip" the account for assets and sell them individually and come up with a lot of money. Next to that, the account itself is almost worthless.