According to a recent poll from DreamHack and Akamai more than half of gamers have been hacked. This could be finding the login to your email account or a more serious cybersecurity threat. It’s important to feel safe and secure when you are gaming online.
More often than not we just don’t think about it. If I’m being honest, when I was playing games the thought of security rarely crossed my mind. It was only after my email account was hacked and some of my accounts were taken over that I got serious about password security and two-factor authentication. Now, I am a firm believer in action before reaction. But are the big companies? Does it have to take a DDOS attack on their servers or the contents of their hard drives being leaked online to make some of these organisations take cybersecurity and esports safety seriously?
Five major cyber-attacks in esports and gaming
The gaming and esports industry have been hit with wave after wave of attacks that have disrupted the gaming and esports ecosystem. Here are just a few of the countless number of companies and organisations that have been impacted.
5. Activision Blizzard
One of the kings of cyber attacks, esports and otherwise. With games like World of Warcraft, Overwatch, and Call of Duty under their umbrella, it was only a matter of time until they were targeted.
In March of 2020, they were subjected to four separate DDOS attacks in less than a week. Two Call of Duty games, Overwatch, and World of Warcraft were affected and gamers all around the world were affected. They have also been the target of actors like Derp Trolling in 2014 and Lizard Squad on April 13th, 2016. Many players lost access to Battle.net and with it, many of their games.
4. Riot Games
Riot Games, a studio that has been fraught with controversy over the past few years has unsurprisingly been the victim of several attacks. While they take cybersecurity and esports very seriously, they are still vulnerable. The most recent attack on the company happened in January of 2021. From the 16th to the 17th of January, their League of Legends team-based competitive tournament mode, Clash was hit with a DDOS (direct denial of service) attack. This is malicious internet traffic that overwhelms the servers and makes the site or game unusable.
This sort of attack seems random and untargeted but could take down esports tournaments in the middle of play or simply take out the live streamed feed. This would not affect you or me that much, but it would definitely hurt the company’s bottom line. This underlines the importance of the connection between cybersecurity and esports.
In a major breach in June of last year, Nintendo announced that a total of 300,000 accounts had been hacked. This came only a few months after they announced that 160,000 accounts were hacked in April.
The hackers were able to see birthdays, home locations, and email addresses, as well as access other payment services linked to the Nintendo system. Nintendo has never been the front runner when it comes to the online gaming world and this breach shone a light on that. They asked players to check out their transaction history and login locations. They also repeated many other companies calls for the use of two-factor authentication.
One of the kings of the fight games genre, Capcom, was hacked late last year. In November they announced that they had been hacked but much like their previous attitude to cybersecurity threats, the announcement was a little weak.
After announcing that they had been hacked on the 4th of November, it took them almost two weeks to tell their customers that the hackers had access to the personal information of 350,000 of their customers and business partners.
This should be a parable for any future gaming and tech companies, if you aren’t transparent with your customers, they will always expect the worst.
1. CD Projekt Red
Just last month in February of 2021, the internal network of CD Projekt Red was accessed by an unknown individual or group who stole their private data. A ransom note was left in their files that threatened to release their video game source code and other data if their needs were not met.
According to the company, no user data was compromised and in a statement on Twitter they said:
“We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”
Cybersecurity and esports: What can we do?
Despite the anxiety-inducing stories I have just listed, there are plenty of ways that you can secure your presence online and prevent any future cybersecurity threats to your accounts.
- Two-factor authentication: I’ve mentioned this a bunch in the article. I only write it because it was what help me sort out my security issues. Once I found out that my accounts had been hacked, I either shut them down or changed the password and enabled two-factor authentication. In the days after, I got requests for logins and I denied them. After about a week of attempts on different sites, whoever was trying to login gave up.
- Password manager: Consider using a password manager to store stronger and more complicated passwords.
- Always back up your data: While this is getting less and less frequent, computer viruses that lock up your computer and destroy your files are still around. Make sure you always have cloud-based or (even better) physical backups of your data.
- Keep your programs up to date: Companies are always updating games and programs. Sometimes it is an improvement but other times they are fixing vulnerabilities to the software.
Cybersecurity and esports: What can the companies do?
In reality, the onus for cybersecurity in the gaming and esports ecosystem lays at the feet of the companies that we entrust our data to.
Companies are improving their anti-phishing training. Phishing is still the number one form of socially driven breach and they use the vulnerabilities of humans to try and attack the companies.
Ransomware is another major threat to cybersecurity. Game developers, publishers, and esports companies are at risk of these sorts of attacks. They often tease upcoming projects that they would not want to be leaked early or deleted entirely. Many companies are increasing their security budgets to defend themselves from these sorts of attacks.