Have you ever been locked out of your account for reasons you never understood? If so, there’s a chance your account was hijacked. While most gamers aren’t above ribbing an overly obvious imposter in Among Us or barking colourfully-worded orders at teammates in an intense shooter, there are a few out there whose behaviour goes way beyond good-natured bluster.
If you’ve ever got into and used an account without the owner’s permission, you could be involved in account hijacking, which is a crime. If, on the other hand, you’ve found your account password changed, or been locked out for reasons unknown, then you could be a victim.
Account cracking, or account hijacking, involves breaking into someone’s online account, changing the password so the owner can no longer use it, then selling it. It can happen to email addresses, online shopping accounts, or even games and services like Netflix, Spotify, Steam, Fortnite. The list goes on. Those one-year subscriptions to Spotify or the ultra-rare skin being sold for ridiculously cheap prices are more than likely stolen accounts.
So how do the hijackers do it? Often they use personal data (usually email address and password) that was stolen from major websites by hackers during large-scale data breaches.
Even if the site your info was stolen from isn’t one you use frequently, you’re at risk if you use that same email address and password for your gaming account, email or other important accounts.
How to protect yourself
You can do your part too. Your email accounts are a nexus of your online activity, and if you can keep these safe then you can keep much of your information safe. That’s why you need a particularly strong password to access your email.
There are a few ways you can check whether your email address is associated with any data breaches. Entering your email address at Have I Been Pwned will tell you whether your credentials have been exposed in a data breach. More recently, some browsers have added features that let you see whether any of your account passwords have been compromised.
To protect yourself, you should use a password manager and use different passwords for each site (your passwords should use three random words or be completely randomised, and include special characters). That greatly limits the amount of damage a hijacker can do should they procure the credentials to one of your accounts. Two-factor authentication is also worth setting up where possible.
Remembering all your passwords can be a challenge, which again is where your browser or a password manager come in. These apps offer ways to store all your passwords in one place. They also let you sync this data across devices as long as you use the same password manager or app on them.
How does the National Crime Agency protect gamers from hijacking?
The National Crime Agency (NCA) is cracking down on sites that monetise stolen account credentials. In January 2020, an international investigation led the NCA took down the site weleakinfo.com and arrested its owners. In March 2020 Europol took down another notorious account-selling site called datasense.pw. The NCA are taking an active interest in those accessing leaked data on the web for illegal purposes like account hijacking.
In short, they’re not messing around with this stuff, and they take it seriously.
You may wonder why the NCA is taking such a big interest in account hijacking. Well, that’s because it’s a criminal offence in the UK under the Computer Misuse Act 1990 and can fall under the Fraud Act 2006. If your account’s been hijacked, then it not only impacts your enjoyment of your games or films, but is a criminal violation of your privacy. The NCA have identified that there are many young gamers who started out cracking accounts and then quickly progressed to committing serious fraud offences without understanding the consequences.
Of course, the NCA knows that most gamers are just in it to have a good time and have zero interest in illegal activity. The NCA also knows that a digital games library is precious to the person who owns it and highly valuable to criminals, which is why it’s stepping up its efforts to combat account hijacking.
So stay safe, mix up your passwords, and play safely over the festive period. If you’d like to learn more about what the NCA and UK Police Forces are doing to divert young people away from cybercrime please visit www.cyberchoices.uk.