Brady Vu asked

Hackers exploiting API and spamming “ghost accounts”, PlayFab Attack

Hi, so some hackers attacked my game today and somehow grabbed the title ID, pulled the IPs and added thousands of “ghost accounts.” My game is relatively small and the hacker group is named “Athera.” How are they doing this? Is there any way I can fix it?

Hi, so I’m making a game with Unity, Photon, and PlayFab which is relatively small, but there seems to be a hacker group going around and attacking games. They somehow find the title ID, get access to everyone’s IP address and flood the title with “ghost accounts”. Someone threatened to hack my game and I didn’t think much of it until I saw 4 to 5 thousand “ghost” players in my Title. How are they doing this? Is there any way I can prevent it? Thanks in advance.

Account Management

1 Answer

Neils Shi answered

Since some login APIs like LoginWithCustomID require no authentication headers, if hackers know your title ID, they can create "ghost accounts" easily. But as long as your Secret Keys are not compromised, your game is safe. The Admin/Server APIs require Secret Keys or Title Entity; these ghost accounts don't have permission to harm your game. Also, you can use the API access policy to disable certain Client APIs (which you don't need).

2 comments

Brady Vu commented

Ok, thanks!

0 Likes
Neils Shi commented, in reply to Brady Vu

Feel free to let me know if there are any other questions.

0 Likes
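The API access policy mentioned in the answer can be set through the Admin `UpdatePolicy` call. The sketch below is an added example, not code from the thread or from PlayFab: it builds a policy that denies every Client login or registration API the title does not use. The helper names, the candidate list and the choice of `LoginWithSteam` as the game's only sign-in path are assumptions.

```python
import json
import urllib.request

# Client login/registration calls to consider closing (candidate list is an assumption).
LOGIN_APIS = [
    "LoginWithCustomID", "LoginWithAndroidDeviceID", "LoginWithIOSDeviceID",
    "LoginWithEmailAddress", "LoginWithPlayFab", "RegisterPlayFabUser",
]

def build_deny_policy(apis_in_use, candidates=LOGIN_APIS):
    """Return an Admin/UpdatePolicy body denying each candidate Client API not in use."""
    in_use = set(apis_in_use)
    if not in_use:
        # Guard: with nothing declared as in use, every login path would be denied.
        raise ValueError("declare at least one login API the game relies on")
    statements = [
        {
            "Resource": f"pfrn:api--/Client/{name}",
            "Action": "*",
            "Effect": "Deny",
            "Principal": "*",
            "Comment": f"{name} is not used by this title",
        }
        for name in candidates if name not in in_use
    ]
    # OverwritePolicy=False appends to the existing policy instead of replacing it.
    return {"PolicyName": "ApiPolicy", "OverwritePolicy": False, "Statements": statements}

def apply_policy(title_id, secret_key, body):
    """POST the policy. Run from a trusted machine; the secret key never ships in the client."""
    req = urllib.request.Request(
        f"https://{title_id}.playfabapi.com/Admin/UpdatePolicy",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "X-SecretKey": secret_key},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Assumption: players sign in with LoginWithSteam only, so all candidates are denied.
    print(json.dumps(build_deny_policy({"LoginWithSteam"}), indent=2))
```

If the game client itself signs in with `LoginWithCustomID`, that call has to stay in `apis_in_use`, and the policy then only closes the other unused entry points.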
