Popular gaming platform Roblox has suffered a major data leak resulting in almost 4,000 developers’ personal, identifiable information being made publicly available.
Information reportedly leaked includes names, phone numbers, email addresses, dates of birth, and physical addresses of attendees of the Roblox Developers Conferences held between 2017 and 2020.
Oliver Green creator of autoclicker.io shares expert tips on how game companies can protect their developers from cyberattacks and ensure optimal cybersecurity.
“Protecting online developers from cyberattacks is essential for game companies to protect their intellectual property, data, and the integrity of their games. Data breaches in gaming can have significant impact on both users and developers.
“Games companies are a niche demographic and they’re known for spending a lot of money. Therefore, a gaming company’s financial status makes it a tempting target for cybercriminals.
“There are several measures companies can take to provide their developers with optimum security.”
- Security Training
This will help to keep developers and staff members up to date and aware of all thing’s security. It is important to ensure they are aware of common cyber threats, phishing scams, and the best practices for data handling and secure coding.
- Access Control
Implementing a strong access control system will help limit access to sensitive information and critical systems only to authorized personnel.
- Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) should be enforced for all accounts, including developer accounts. This is to add an extra layer of protection against unauthorized access.
- Data Encryption
Ensuring sensitive data is encrypted, both in transit and at rest, is important. This will ensure that even if it’s intercepted, it remains unreadable without the appropriate decryption keys.
- Secure APIs
If the company’s games use APIs (Application Programming Interfaces), it is important to ensure they are adequately secured and have proper authentication mechanisms.
There are several methods you can use to ensure authentication:
- – HTTP Basic authentication where a user needs to provide user ID and password
- – API key where a user needs to a unique identifier configured for each API and known to API Gateway
- – A token that is generated by an Identity Provider (IdP) server. OAuth 2 is the most popular protocol that supports this method.
- – At the very least you should use an API key (asymmetric key) or basic access authentication (user/password) to increase the difficulty of hacking your system. But you should consider using OAuth 2 as your protocol of choice for a robust security of your APIs.