Cybersecurity Insight

Criminals Love Pokemon GO Users

19 Jul

Unless you’ve been living under a rock in the middle of the ocean for the past few weeks, chances are you’ve heard of Pokemon GO. Though I’m fairly certain even those living under said rocks in the middle of the ocean have heard of it. Moving on.

Pokemon GO’s fast-rising popularity is great for Niantic, the game’s creator, but it also creates a potential hotbed of security issues on top of those already reported. The most recent incident involved the group OurMine launching a DDoS attack this past Saturday that knocked out the entire network. Going beyond the “he said, she said” between Niantic and OurMine, the fact that something as simple as a DDoS attack – which we’ve approached before – took down their network is inexcusable.

Beyond the lack of very basic cyber security protection comes the issue of access and how much is required. Pokemon GO needs access to your GPS, your camera, and more, all to play the game. And although the company has since fixed the flaw, at one point someone with limited hacking knowledge could access the game and gain information on any user’s location, current or past. What hasn’t been addressed is the amount of access allowed to third-party vendors. In the middle of a 20-page privacy policy, Niantic allows third-party vendors to access any and all user information without any notification. Who is to say that your sensitive personal information won’t fall into the wrong hands?

Everyone wants a piece of Pokemon GO – including criminals. Many are now blaming the quick rollout of the game – it expanded to 26 countries this past weekend alone – for the security and operating flaws. Shifting blame doesn’t solve the very real problem that every user is at risk when they log into the game, and the network itself is intensely vulnerable as well. As a cyber security management and monitoring company, Neovera’s top priority is understanding every aspect of the industry and implementing the latest features for each individual client. This means all the information you need is directly accessible through an actual person, and not stuck in some 20-page jumble.