Security issues that affect us on Slime Herder and Incapacitor
For Slime Herder, we keep track of information using Unity Analytics. We track how many people have attempted a purchase of our game, and when people close our game, so we know what the last level they played was. This is very innocent data, and we are not storing the information ourselves; that is handled by Unity itself. However, it may have been useful to keep track of where our players are located, and when they are playing our game, to help identify better marketing practices. If we were to store information like that ourselves, we would be opening ourselves up to serious legal issues. If we kept this information on a server that was hacked, and that information was released, we would be liable for that; we could be put in jail or fined hundreds of thousands of dollars.
As we are just students, this is not something a project like this could afford, so we made the decision to keep very minimal information as a safety measure.
Recently there was a large data breach involving the Ashley Madison data servers. The account information of approximately 36 million users was compromised in an attack, and investigations showed this was possible due to several flaws in the company's security management systems and procedures. There was little documentation of their policies and procedures, a lack of resourcing and management of the security process, a lack of assessments of privacy threats, and no assessments of the security process to see if it was still fit for purpose.
“According to the findings, ALM’s security framework lacked the following elements: documented information security policies or practices, as a cornerstone of fostering a privacy and security aware culture including appropriate training, resourcing and management focus; an explicit risk management process – including periodic and pro-active assessments of privacy threats, and evaluations of security practices to ensure ALM’s security arrangements were, and remained, fit for purpose.
Findings also revealed ALM lacked adequate training to ensure all staff (including senior management) were aware of, and properly carried out, their privacy and security obligations appropriate to their role and the nature of ALM’s business.
It concluded the company did not take reasonable steps in the circumstances to protect the personal information it held under the Australian Privacy Act.”
This is an issue that is being dealt with internationally, here in Australia and in Canada. Some of the simple things that they failed to do were multi-factor authentication and appropriate password management. That means they only had one login for something like a server, and most likely used poor passwords or reused passwords elsewhere that may themselves become compromised. This means not just that some people may figure out that you have been sleeping around, but also that there is a lot more information about passwords and seeded passwords available now, meaning that password cracking software is a fair bit stronger now.
Remember that if you are keeping any information from your users, including just usernames and passwords, you need to effectively protect that information. Even small breaches can have very large consequences for you or your company.