It’s a reality in today’s world that data breaches are commonplace, and that companies, organizations, and even individuals need to protect themselves against such attacks. The video game industry has become a prime target for cybercriminals, for both developers and consumers. As the business and consumer sides alike rely on technology and connection, they are growing ever more prone to attacks.
There has been a growing number of attacks on studios, online gaming platforms, and directly to gamers. Many of these come in the form of external hacks, phishing, and credential stuffing. For developers, such breaches can adversely affect intellectual property, months or even years of work on a single title, and employee and customer data, among other things. Hackers may compromise individual gamers’ personal information, payment details, and in-game purchases with perceived value.
Both developers and gamers must be aware of risks, as well as common methods of cybercriminal targeting and measures to prevent or mitigate attacks. It is clear and evident that these attacks will perpetuate, and likely worsen, over time.
While cybercriminals target developers directly for intellectual property, source codes, employee and consumer information, and more, they may also find useful information from gamers who inadvertently disclose information. This could mean infiltrating a platform or server, or even targeting online forums popular among gamers.
A major issue that compromises security is the authentication used by game developers—a low-friction method meant to maximize revenue by making logins among its base easier. This enables gamers to have a better user experience, though it can come at the expense of security.
Among the more unorthodox and less obvious targets in these breaches are a player’s virtual assets with perceived value. This is to say that there are no real-world applications of this data, but the value is inflated in the gaming universe. The data could then in turn be redeemed for a thief’s monetary gain, such as in a case in RuneScape, when a moderator stole virtual money from players that had a real-world value of $100,000.
Video game production can be time-consuming and expensive, putting a studio in a position in which they accept risk of financial loss through their investment in a title. Breaches against game developers have increased, with an attack against the much anticipated Cyberpunk 2077 being a notable example.
The Poland-based CD Projekt revealed that it had been the victim of a cyber attack. The developer disclosed that its internal network had been breached, and that the attackers threatened to release the source code, which potentially translates to lost revenue as game data released online provides gamers with an alternative means of getting the game. What’s worse is that the industry at large faces growing cyber threats.
In response to the attack the developer cut off access to the internal network, which prevented employees from accessing what they needed to perform their job duties. CD Projekt is only one of several attacks against gaming companies. Others include attacks against Nintendo, Blizzard, and Ubisoft among others.
One way cybercriminals target customers is through login credentials. It is good practice for gaming enthusiasts to create new passwords across multiple platforms. It is also wise for gamers to be wary and not endow total faith in platforms or online sites dedicated to gamers.
For gaming studios, it is crucial to have a substantial and comprehensive backup and protection plan. Such a security solution includes offline encrypted backups and external storage, remote drive management, and effective endpoint security.
If you think you have been the victim of a data breach, or would like to discuss your security solutions further, please call SecureData at 1-800-520-1677 to speak to an expert today.