It is a classic supply-chain attack. The same modality is used by gamers to sell off their high-level characters, and social media accounts do "switcheroos" on posts, Pages, and Groups all the time.

You know, a lot of consumer cybersecurity focuses on malware, browser security, LAN services, but I propose that the new frontier of breaches involves browser extensions, "cloud integrations", and "app access" granted from accounts.

If I gave permission for Joe Random Developer's app to read, write, and delete everything in Gmail and Google Drive, that just set me up for ransomware or worse. Without a trace on any local OS. A virus scanner will never catch such attacks. The "Security Checkup" processes are slow and arduous. I often find myself laboriously revoking access and signing out obsolete sessions, one by one by one. There has got to be a better way.

▲

dalmo3 6 hours ago | parent | next [-]

Pardon the ignorance but what's being exploited by someone buying a video game character?

	▲	asimovDev 4 hours ago \| parent \| next [-]
		If you buy someone's old gaming account (Steam for example) with many years of activity, you can appear more legitimate when trading, therefore making it easier for people to trust you and fall victim to your scam(s)
	▲	elashri 6 hours ago \| parent \| prev \| next [-]
		I think he was just saying that it is similar business to that. Just drawing comparison that there are a market like selling video games accounts. Also usually people who cheats in games will buy high level accounts because they will be banned much faster if they start playing with new accounts for cheats. This happens in some of the games I play all the time.
	▲	5 hours ago \| parent \| prev [-]
		[deleted]

▲

kevincloudsec an hour ago | parent | prev [-]

[dead]