Gotta catch ’em all — all security risks, that is
I was asked last week if I could do an article on Pokemon Go, the biggest Pokemon-related phenomenon since the original games took the world by storm in the late 1990’s. It’s been a long time since I donned the trainer hat and went on my journey to catch ‘em all…Pikachu, Charizard…Dagut…Shoe…
Takes me back.
Anyway, though I haven’t yet tried my luck in this millennium with Go, the rest of planet Earth seems to have plugged into a PokeMatrix of sorts over the last couple of weeks, sending stock soaring and leading to some rather disturbing, and some hilarious, incidents. It’s chaos out there. Kids finding corpses, people wandering into police stations, falling off cliffs, Growlithes and Meowths living together, mass hysteria!
My response to this article request was along the lines of, “Sure. I don’t think it has much to do with cybersecurity though. Hey, with any luck, there’ll be an incident this week that will make for a good story LOL”
Then there was a DDoS attack and I’m so sorry, it’s my fault. My words did this.
Thankfully, DDoS doesn’t really qualify as a hack, and as far as incidents go, is relatively mild. In this case, a hacking collective known as PoodleCorp targeted Pokemon Go’s servers, flooding them with so many requests, the result was overload that messed with the system, rendering the game freeze-prone or even inaccessible to players across the US and Europe on Saturday. Unfortunately, this group has since announced plans for repeat performances, promising to carry out even larger scale attacks on the game. What these attacks will entail, whether just more flooding or something more nefarious, remains to be seen.
More concerning last week than whether or not people could catch Pokemon, was the controversy surrounding developer Niantic originally giving itself the right to access the Gmail accounts and Google docs of its users without notification. This would have given the company shocking access to extremely private information worldwide, even allowing the app, theoretically, to write emails. To their credit, however, Niantic cut this potential privacy disaster off in short order, changing the permissions and revoking this self-given legal right, claiming it was an error and stating they had not accessed any Google user accounts.
It seems like, so far, Pokemon Go has not compromised the data security of its players in a major way. Here’s hoping it withstands any future attacks, and the only thing we have to worry about can once again be irresponsible players driving into trees.