If you play online gaming, you are probably being spied on.

Privacy concerns may be inherent in the design of the game itself, such as games that require access to your webcam or microphone. Some companies sell any relevant information they’ve collected about you to advertisers, and others collect enormous quantities of data for their own purposes.

It’s also difficult to know whether your data will be secure on the gaming companies’ servers, as previous data breaches have highlighted.

While you are probably happy to share some data with a company, other pieces of information can be used to build a profile of your habits and personality. This can then be sold to advertisers, who will bombard you with unwanted ads. Or, worse, it could be leaked in a data breach and used to steal your identity. Unfortunately, many bad actors are more than happy to take advantage of this opportunity.

This article outlines some of the issues surrounding online gaming privacy. At the end, there’s a list of steps you can take to mitigate your chance of becoming a victim.

9 risks to online gaming privacy

1. Camera and microphone access

Many multiplayer games require mic access to communicate. Younger children especially may not realize the mic is transmitting everything they say. If someone happens to be speaking about personal information in the room, then that would be transmitted to whoever was listening.

Likewise, many gamers stream their content for viewers online, exposing them to similar risks. If their personal information (such as passwords or location) are viewable in the background of the footage or on their desktop while screen sharing, then this can be stolen and put to ill-use.

Learn more about protecting your children’s privacy online

2. Location tracking

Some games, such as Pokemon Go, track your real-world location, sometimes to sell this information to advertisers. For example, if you frequent a certain clothing store and the game notices this, it can tell the advertiser to start showing you ads of that store’s clothing. This, in itself, would be a privacy invasion if you don’t consent, but the harm would be compounded if that same data were revealed by a security breach. You can mitigate both these issues by turning location tracking off if possible.

Ubisoft, for example, which owns the Assassin’s Creed and Tom Clancy franchises, says it respects privacy and security, and yet the company may record your playing habits at any time. They can also log your location and how much money you spend in-game.

3. Poorly protected servers

Hackers can breach any company’s servers without you making any mistakes of your own, which is why it’s important to limit the information you share online and familiarize yourself with the track record of companies that store your sensitive info. Perhaps the most infamous example of this was the Sony Playstation hack. When hackers breached the company’s database, they got access to the personal information of over 70 million user accounts, including names, passwords, credit card details, and addresses.

4. Online gaming malware

Malicious code can be inserted into the game itself, especially if it’s been pirated. This code is used to access your personal information, such as login details, passwords, or even payment information. Beware of free games from unknown developers: They could turn out to be far more costly.

5. In-game ransomware

Many gamers invest thousands of hours in their video game characters. This is most common in massively multiplayer games like World of Warcraft. This is why many gamers have their accounts targeted: hackers know people will pay substantial sums to have access returned to them. Ransomware is typically injected when gamers buy third-party, unlicensed power-ups to benefit their character.

6. Keyloggers

A keylogger is a kind of malware that records all your keystrokes to capture login credentials. Through emails or private messages, hackers posing as game developers may offer free content or access to a beta version of a new game. After falling for these phishing attacks, a keylogger will record any passwords or login information you enter, giving the hacker access to your account. From there, they can steal your personal data or ransom your account.

7. Unsecured WiFi

Using unsecured public WiFi exposes you to risks if you enter your login credentials or credit card information. This risk is compounded by the fact that many gamers don’t use VPNs for fear they’ll slow down their connection speed, and thus worsen their online gaming experience (and additionally potentially face ISP throttling). However, it is worth mentioning that many VPN companies are even more problematic and compromised than the networks they seek to secure. It’s important to know the characteristics to look for in a trustworthy VPN provider.

8. Phishing

No matter the industry, phishing remains one of the most common forms of attack. Typically an email is sent out posing as someone trustworthy, which encourages you to enter login information. However, if you do, whatever information you enter will be stolen and used to break into your account.

9. Not using 2FA

Without two-factor authentication (2FA), your risk of getting hacked is much higher. Despite this, many game companies (and even enormous companies like Facebook and Google) do not require users to implement 2FA, leaving them vulnerable to many of the risks detailed above.

How to improve your online gaming privacy

The good news is that if you take online gaming privacy seriously, there are many things you can do to stay safe:

Take all the same precautions as you would for preventing a data breach: this includes steps such as using strong passwords, avoiding companies with a bad security track record, and limiting the amount of information you give out.

Seek out and utilize a trustworthy VPN provider that won’t contain malware or put your information at risk, such as ProtonVPN.

Avoid using pirated versions of games from torrents. These may save you money (at least initially), but it will also make you significantly more vulnerable to malware and other online gaming privacy compromises.

Careful with cheat codes. Sometimes these may run malware that can compromise your device.

Be mindful of phishing attacks, including in-game. If someone you don’t know sends you links or attachments, do not click on or open them.

In your account, find the privacy settings and configure them to maximize your privacy, such as by turning off location tracking. In your security settings, turn on two-factor authentication if it’s available.

Have you ever fallen victim to an online gaming scam? Are there any safety tips you use that you would recommend to the Proton community? Feel free to comment below or join the conversation on our social media channels.

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter | Facebook | Reddit | Instagram

To get a free ProtonMail encrypted email account, visit: protonmail.com.