Popular online game Roblox suffered a major data leak resulting in almost 4,000 developers’ personal, identifiable information being leaked online.
The leaked info reportedly includes names, phone numbers, email addresses, dates of birth, and physical addresses of attendees of the Roblox Developers Conferences held between 2017 and 2020.
Cyber security expert Oliver Green, creator of autoclicker.io shares 5 tips on how game companies can protect their developers from cyberattacks and ensure optimal cybersecurity.
Protecting online developers from cyberattacks is essential for game companies to protect their intellectual property, data, and the integrity of their games. There are several measures companies can take to provide their developers with optimum security.
Security Training
This will help to keep developers and staff members up-to-date and aware of all thing’s security. It is important to ensure they are aware of common cyber threats, phishing scams, and the best practices for data handling and secure coding.
Access Control
Implementing a strong access control system will help limit access to sensitive information and critical systems only to authorized personnel.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) should be enforced for all accounts, including developer accounts. This is to add an extra layer of protection against unauthorized access.
Data Encryption
Ensuring sensitive data is encrypted, both in transit and at rest, is important. This will ensure that even if it’s intercepted, it remains unreadable without the appropriate decryption keys.
Secure APIs
If the company’s games use APIs (Application Programming Interfaces), it is important to ensure they are adequately secured and have proper authentication mechanisms.
There are several methods you can use to ensure authentication:
HTTP Basic authentication where a user needs to provide a user ID and password
API key where a user needs a unique identifier configured for each API and known to API Gateway
A token that is generated by an Identity Provider (IdP) server. OAuth 2 is the most popular protocol that supports this method.
At the very least you should use an API key (asymmetric key) or basic access authentication (user/password) to increase the difficulty of hacking your system. But you should consider using OAuth 2 as your protocol of choice for a robust security of your APIs.
Source: Pro Pakistani