Search This Blog

Showing posts with label Gaming. Show all posts

Nintendo Confirms Around 160,000 User Accounts Affected in Recent Hacks


On Friday, the Japanese gaming giant, Nintendo confirms that around 160,000 user accounts of Nintendo Switch users have been affected in the recent hacking attempts.

Nintendo's Switch game console is immensely popular among avid gamers and its demand has risen dramatically amid the lockdown forced by COVID-19 pandemic, making it out of stock almost everywhere. As the number of people turning to Nintendo is rapidly increasing, the number of hackers targeting digital accounts has also increased as a result.

In the wake of the breach, Nintendo has disabled the option of logging into a Nintendo account via Nintendo Network ID (NNID)– login IDs and passwords of the users have been acquired in an unauthentic way by some means other than Nintendo's service, the company confirmed. Notably, these attempts to access accounts illegally have been made since the beginning of April. The information compromised during the breach includes usernames, DOB, email addresses, and country.

The company has notified all the affected users of the breach through an email, alerting them to reset their passwords.
Meanwhile, the company also warned the users in case they have used a common password for their NNID and Nintendo account, and said, “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”

The company further recommended the users to enable two-factor authentication as some accounts are already being used to make fraudulent purchases. Affected users are advised to contact Nintendo so that the company can examine their purchase history and cancel fraudulent purchases.

"We will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorization," the company said.

While apologizing to the customers, Nintendo said, "We sincerely apologize for any inconvenience caused and concern to our customers and related parties,"

"In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur." the company added.

1.1 Million Customers Records of SCUF Gaming Exposed Online


The database of more than 1 million customers was exposed online by 'SCUF Gaming', a subsidiary of Corsair that develops high-end gamepads for Xbox, PS4, and PC. The incident led to the exposure of clients' names, payment info, contact info, repair tickets, order histories, and other sensitive information. Other data belonging to the company's staff and internal API keys were also compromised as a result.

The data was left unprotected for two days before being discovered by the security researcher, Bob Diachenko who reported the same to Scuf Gaming. The team led by the researcher found the data on the web without any password protection or authentication.

The database was taken down by the company in less than two hours of being notified. Meanwhile, bot crawlers got enough time to locate the exposed database and a ransom note was found demanding 0.3 BTC from the company. The note says that the data had been downloaded by the cybercriminals, however, no such action is being detected by the systems. "Your Database is downloaded and backed up on our secured servers. To recover your lost data, Send 0.3 BTC to our BitCoin Address and Contact us by eMail.” The note read.

Experts are of the belief that the involved criminals did not get enough time to delete or encrypt the data present in the database, hence, it's unlikely that they would have been able to download it either. However, SCUF clients and staff could face a risk of phishing attacks, identity theft, and fraud by the cybercriminals who might have downloaded some pieces of
the leaked database.

In a conversation with Comparitech, a spokesperson for Corsair, parent company to SCUF gaming told, “…Once notified, we identified the root cause of this exposure and secured the database within two hours. While investigating Mr. Diachenko’s warning, we also discovered that a bot had connected to the database’s server and placed a ransom note there. We have no evidence that either the bot or any other actor was able to misappropriate customer data.

This issue was specific to one system, being operated off-site due to work-from-home precautions resulting from the current COVID-19 pandemic.”

To stay on a safer side, SCUF Gaming customers are advised to keep an eye for any suspicious activity in regard to their bank accounts as scammers who were to able gather whatever bits of information they could, are likely to attempt targeted phishing attacks.

DDoS Attacks on the Gaming Giant Blizzard Causing Worldwide Service Disruption


In order to ruin the users' stay at home during their work from home period brought about by COVID-19, the hackers have hit gaming giant "Blizzard" with a colossal DDoS attack causing worldwide service disruption.

The attack, as per reports was carried out on March 18th around 2:20 AM (GMT) when Blizzard users took the issue to Twitter and the Customer Support handle for Blizzard on Twitter additionally affirmed enduring the DDoS attacks.

The company further clarified that it is “currently investigating an issue affecting our authentication servers, which may result in failed or slow login attempts.”

As indicated by DownDetector's live map, Blizzard is as yet enduring the result of the attack particularly in the US, Israel, Bahrain, Iraq, China, Singapore, Malaysia, and Denmark and a few other countries.
Image credit: Down Detector’s live map


Furthermore, it is very unclear whether the DDoS attack has halted as there has been no update tweet from the company. It is, however, worth noting that Blizzard is home to probably the most mainstream games including World of Warcraft, Overwatch, Heroes of the Storm and Diablo Immortal, and so on.

The gaming monster has a strong customer base with in excess of 32 million active users across the global. Aside from these EA Sport, a division of Electronic Arts is likewise enduring a worldwide service blackout.

It is indistinct on the off chance that it is an aftereffect of a DDoS attack or the company is confronting technical challenges within however there have been various tweets from EA Sports customers complaining about lagging and connectivity issues.

As indicated by DownDectector's live map, EA Sports is as yet enduring lagging issues in the US, United Kingdom, France, Spain, Denmark, Japan, and Israel, and so forth.

Image credit: Down Detector’s live map


By and by, it is most likely not a smart decision to DDoS Blizzard but rather users are encouraged to remain tuned for any further news with respect to the attack.

Counter-Strike: Global Offensive (CS:GO) — Money Laundering Prompts Valve to Shut Down In-Game Key Sales


Counter-Strike: Global Offensive (CS: GO) was being targeted by criminals for money laundering, according to the US video game developer, Valve. In a statement, the makers told that the aim of the attackers is to "liquidate their gains".

Developed by Valve and Hidden Path Entertainment, CS: GO is a popular multiplayer, first-person shooter game in which two teams go against each other strategically completing given objectives such as diffusing bombs and rescuing hostages.

The game allows players to earn cosmetic upgrades for their guns and avatars in loot containers, normally these boxes can only be opened via a key that players have to buy from Valve. However, the makers observed that "worldwide fraud networks have recently shifted to using CS: GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced." The fraudsters exploited the loot gathering systems in the game to trade keys which further allowed them to unlock rewards for real money.

As a security measure, the company has updated the game in a manner that shuts down the ability to transfer new loot box container keys among users in the game.

"CS: GO container keys purchased in-game can no longer leave the purchasing account. That is, they cannot be sold on the Steam Community Market or traded. Pre-existing CS: GO container keys are unaffected–those keys can still be sold on the Steam Community Market and traded," the blog read.

In the blog post, the company also expressed concern for the effect this would have on legitimate players but also emphasized the need to combat fraud which they have on priority.

While the total amount of money laundered through the Steam marketplace remains ambiguous, hundreds of thousands of loot containers along with keys have been traded by the criminals via the online marketplace. Notably, the boxes and keys were traded for a few dollars each.

In the past seven years of its existence, CS: GO amid gaining massive popularity has unfortunately also attracted a number of disputable scenarios including illegal gambling and hidden business interests for social media influencers.

The Rise of the DDoS Attacks and the Abuse of the WS-Discovery Protocol


A new type of attack that feeds on vulnerabilities in the usage of the Web Services Dynamic Discovery protocol has been discovered recently by analysts from Akamai's DDoS mitigation service Prolexic.

The attackers here are said to have had used a moderately new strategy—one that can possibly yield more than 15,000 per cent rate of return for the junk data it heaves at a victim.

Since WS-Disclosure provides devices on a similar network a chance to communicate, and guides them all to ping one area or address with insights concerning themselves, attackers can control WS-Discovery by sending uniquely crafted pernicious protocol requests to vulnerable devices like CCTV cameras and DVRs, which is extremely simple for them to do as WS-Discovery is intended to be utilized internally on local access networks and Akamai gauges that approximately 800,000 gadgets exposed on the web can receive WS-Discovery commands.

“There's a huge pool of vulnerable devices sitting out there waiting to be abused” says Chad Sailor, senior specialist on Akamai's security insight reaction group.

"DDoS attacks abusing the WS-Discovery protocol have increased," says security researcher Troy Mursch.
 "The notable thing here is the amount of vulnerable hosts that can be abused and the large amplification factor that enables crippling attacks."

Video game platforms are the most well-known targets for DDoS attacks, during the beginning of September, for instance, Blizzard's hugely famous World of Warcraft Classic went down sporadically for a considerable length of time as a result of a DDoS attack.

"With gaming, they are one of our most frequently attacked industries," Akamai's Seaman says. "We have a handful of different gaming customers that we protect and we basically see the full gamut of all the different attack vectors and exploratory attacks through them. So it’s not surprising to see them being the first ones being targeted with a new vector."

In any case the dread about WS-Discovery DDoS attacks, however, is that the gaming industry won't be the last target as the researchers caution once more that the industries should be prepared for greater versions in the future.


EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers



In the wake of the discovery of an EA based vulnerability, EA origin has been forced to re-examine its module for security and safety as the flaw could have potentially exposed millions of gamers to account takeovers.

As per the findings and research of specialists at Check Point and CyberInt, the vulnerability affected over 300 million gaming enthusiasts playing online games namely FIFA, Madden NFL, NBA Live and Battlefield.

The vulnerability relied on an alternate authentication method known as, Access Tokens which are like passwords; by stealing a Single Sign-On authorization token, the security flaw would have given complete authority into the hands of the hackers, who further would have been able to hijack player's accounts without needing the login or password.

Stealing 'Access Tokens' can be a bit more complex than stealing passwords, however, it still is possible. It's because users have been enlightened against providing passwords on dubious websites, hackers now resort to accessing access tokens rather than the passwords. Moreover, it can be carried out behind the scenes without needing any active participation from the user.

On Wednesday, commenting on the matter, Oded Vanunu, head of products vulnerability research for Check Point, told, "EA's Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users' accounts,"

Referencing from the statements given by Alexander Peleg in an email in the regard, "We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix," 

Hacker Group make Nintendo Switch a Linux machine

As reported earlier this month, Hacker Group fail0verflow had tweeted a picture showing that they had managed to run Linux on Nintendo Switch. That was February 6; now, 12 days later, they have released a video on their account, providing proof of the same.

The video shows a Switch console running a Linux-based desktop environment KDE Plasma, with full touchscreen support and a web browser, something which the gaming console did not originally have.


While usually people hack into gaming consoles to play cracked versions of games, some people just enjoy running whatever kind of software they want on them. This seems to be one of those cases.

Fail0verflow is a hacking group that focuses its hacking efforts on gaming consoles and has recently taken up Nintendo Switch, as have many others.

While the hacking group has still not made public their exact method and code, it reportedly involves exploiting a flaw in the boot ROM of the Switch’s Nvidia Tegra X1 chip. As they revealed last time, the video maintains that the flaw can’t be patched up by Nintendo on current devices but allegedly can be discussed in future production.

Hackers run Linux on Nintendo Switch

Last week, hacker group fail0verflow shared a photo on Twitter, showing that they had managed to run Linux on the Nintendo Switch.


This tweet followed after a previous one in January where they explained that their Switch coldboot exploit is a boot ROM bug, which as suggested in the name, is a piece of code containing instructions about the booting process stored in a read-only memory.

They also revealed that it is not possible to fix the flaw using patches in the current Switches.


Earlier, they had also tweeted a scroller for the Switch.

While they have teased the exploit to the public, it may be a while before fail0verflow publicly release the details and code for their hack, as evidenced by the PS4 exploit that they demonstrated in 2016 and only revealed the details of over a year later.

Meanwhile, the Switch hacking community continues to make progress. After the 34C3 conference which left the console’s security wide open, it seems that it’s going to be easier for hackers to create homebrew software for the Switch and even pirate games, which could mean serious financial repercussions for Nintendo.

For those with technical knowledge who prefer the white hat route, however, Nintendo is still offering bounties on reports of vulnerabilities.


Is AI allegedly hacking users’ account?

Recently the leak of a few documents online seems to reveal insight into the computer gaming industry's use of Artificial Intelligence (AI) to increase advertising revenue and gaming deals. The classified documents showed up on Imgur two days back, and have been doing the rounds on Twitter. The leaked documents, if genuine, uncover the startling lengths that the computer game industry will go to with a specific end goal to snoop on gamers using AI.


The archives state that reconnaissance data is accumulated to order detailed profiles about users. As indicated by the reports AI focused on the users' smartphones and utilized inactive listening innovation/technology to connect with the smartphone's microphone, phones are checked to see whether they (users) stay in a similar area for eight hours or more. On the off chance that this is observed to be genuine the subject is set apart as "at home". 

The unsubstantiated documents at that point go ahead to clarify the detailed observing or monitoring that happens inside a user’s home:
 “When in home, monitor area of common walking space. Pair with information about number of staircases gathered from footfall audio patterns. Guess square footage of house.”

A part of the document marked "Example Highlight" at that point goes ahead to clarify how it was chosen that "high bonus gaming sessions during relaxing times are paradoxically not the time to encourage premium engagement."

Around then, users are focused with free rewards, bonuses and "non-revenue-generating gameplay ads." As per the leak, at these circumstances "the AI severely discourages premium ads.”
As though this wasn't sufficient, the AI additionally listens in, for catchphrases as well as for "non word sounds." Examples include microwave sounds and notwithstanding biting and chewing noises, which are utilized to figure whether packaged meals have been consumed.

A section marked "Calendar K" clarifies how psychological manipulation is utilized to coerce users into making purchases. AI may sit tight for players to be tired after long gaming sessions. Can turn around the shade of free and paid game titles (generally blue and red), with a specific end goal to "trick a player into making a buy unintentionally."

Unbelievably though,it gets worse. As indicated by the leaked documents the gaming business industry likewise utilizes hacked data dumps to gather additional information about users. Also a segment marked "Schedule O" even clarifies how the AI gathers side channel data.
For the present however, it remains to be seen whether this information or data dump will end up being genuine or not.


As is dependably the case, we encourage smart phone users to be careful about the applications they install. Continuously check for obtrusive authorizations before consenting to install any application or game. On the off chance that a game requests authorization to utilize the microphone, please remember that this sort of reconnaissance might happen.

As per these leaked documents, AI software may likewise be utilizing previously hacked information and data to pick up passage to outsider or third-party administrations and services. If it happens, at that point the gaming companies might break into auxiliary services to put users under surveillance and develop a detailed profile about them.


For now, these serious allegations still can't seem to be demonstrated valid. Be that as it may, the users are reminded to dependably utilize solid one of a kind passwords for the greater part of their diverse online accounts – to make it substantially harder for organizations and companies to use such practices.

Nvidia prepares GTX 1050 And GTX 1050 Ti Max-Q variants to Tackle Intel’s Kaby Lake G series

NVIDIA has apparently let known the presence or more likely the existence of the GTX 1050 and 1050 Ti Max-Q design in their most recent Linux changelog. This simply implies that the company is as of now getting ready to reveal the line-up soon and will set it against the Kaby Lake G line up's RX Vega M GL. Since Max-Q is tied in with augmenting the thermal and power envelops and furthermore even the name of the game is power efficiency, it is expected that the level of rivalry as well as competition has genuinely risen.

This change was noticed in the Linux display driver that was released recently and records not just the MX 130 and MX 110 yet in addition the 1050 Ti with Max-Q designs. A reminder for those of us who overlooked, Max-W is NVIDIA's design theory or in other words a philosophy which involves constrained TDP settings. This innovation has already been utilized as a part of an ultraportable gaming notebook so as to reduce a large portion of the GPU power consumption.

It finds the most productive trade off of execution, performance and power for the GPU. The software to be sure adjusts the work done on the CPU and GPU, at the same time upgrading the game settings and utilizing advanced system design techniques for thermal management and power regulation. It likewise presents another idea, WhisperMode. This ultra-productive mode makes the users ‘plugged-in laptop runs much quieter while gaming.
Works by intelligently pacing the game's frame rate while simultaneously arranging the graphical settings for optimal power efficiency.

The clock speed of the Maximum Q is most likely going to be somewhere around 1417 MHz to 1450 MHz, which means a hypothetical graphics execution of 2.18 TFLOPs. This puts it within spitting distance of the newly initiated Kaby Lake G series of graphics which house the Vega M. Remembering be that as it may, that while the Vega GL has a higher hypothetical (theoretical) power, AMD and NVIDIA models are not directly equivalent and as has been the situation this age, NVIDIA more often fares better even with lower theoretical FP32 execution.
Aside from this the AMD Radeon RX Vega M GL graphics chip is set to be featured on a range of 8th Generation Core i7 and Core i5 processors. These feature 20 CUs which are equivalent to roughly 1280 stream processors, 80 texture units and 32 ROPs. The Vega 20 die is clocked at a base frequency of 931 MHz and boost frequency of 1011 MHz These chips convey an evaluated single precision output of 2.6 TFLOPs which is marginally up from a Radeon RX 560 reference design that has 2.4 TFLOPs of FP32 performance. The Radeon RX Vega 20 GPU is accompanied by 4 GB of HBM2 memory and this works at 1.4 Gbps close by a 1024-bit bus interface, directing out 179.2 GB/s of data transmission. For a solitary HBM package, this is loads of accessible data transmission devoted for the GPU alone.

In any case, the Max-Q design has previously been seen in the Zephyr notebooks which include the extended keyboards and frills which apparently aren't for everybody and it remains to be seen whether this GPU will require a similar style of aesthetic and cooling. On the off chance that that is the situation, at that point it could restrain the total available market of the product since a brought down keyboard and the odd cooling style isn’t favoured by everybody.