Gaming’s Biggest Cyber-Attacks
Devastating cyber-attacks have been an issue since the inception of digital technologies, and in recent years malevolent actors have transitioned from lurking in the shadows to gaining infamous reputations in the public realm. Over the past few weeks in Australia household names like Medibank, Optus and Energy Australia have experienced a barrage of attacks which has resulted in the data from millions of users being stolen and potentially leaked to anonymous websites for purchase.
The gaming industry is no exception, and with billions of gamers globally there have been disastrous cyber-attacks leading to terabyte’s worth of swiped data and millions, if not billions of dollars in losses.
From Sony to Sky Mavis these are the biggest cyber-attacks in gaming history.
Sony PlayStation Network and Xbox Live
One of the top 3 gaming corporations in the world, Sony has been on the receiving end of some vicious cyber-attacks. Arguably the most notorious hack in gaming history occurred across two days from April 19th to 21st 2011. This resulted in the PlayStation Network going offline for a total of 23 days and a whopping 77 million accounts being compromised. Additionally, PlayStation also admitted that 12,000 encrypted credit card details were accessed and resulted in a loss of $171 million dollars for the Japanese game company.
Moving forward to 2014, a follow up offensive consisting of a series of DDoS attacks brought down both the Sony PlayStation Network and Xbox Live services on Christmas day. This left gamers with the latest video game titles in hand and no opportunity to play them online. It took approximately 24-48 hours until the Xbox and PlayStation networks were restored.
Since 2014 both Sony and Xbox have experienced further DDoS attacks and hacks with the most notable occurring in 2017 when Sony’s social media accounts were briefly taken over by a group named OurMine.
CD Project Red
In February 2021, the makers of The Witcher 3: Wild Hunt and Cyberpunk 2077 were hit by a massive ransomware attack. Supposedly, data belonging to current/former employees and contractors of CD Project Red was stolen, alongside a wealth of game code and data. There are even suggestions that further damage was carried out and that employee data may have been purposely manipulated and tampered with.
Initially the studio was given 48 hours to contact the hackers and reach an agreement, however CD Project Red decided to refuse entering negotiations. The hackers then made the assertion that they had sold the data on an anonymous forum online. To this day, it has been reported that the data from this hack is still floating around the internet and available to the highest bidder.
Sky Mavis
Axie Infinity is a play to earn (P2E) mobile strategy game developed by Sky Mavis. The unique P2E feature of Axie Infinity allowed players to generate a cryptocurrency and own various NFTs while leveling up and gaining experience points. This created a valuable market for players, and most notably provided the opportunity for some gamers in low-socioeconomic nations to escape poverty and purchase their own homes.
Unfortunately, on March 23rd 2022 the largest hack in crypto history occurred. A staggering $625 million was swiped from Axie Infinity’s cryptocurrency network. It has since been discovered that North Korean hackers are to blame for this devastating attack and Sky Mavis is still reeling from its losses. For more information on this story and mobile gaming in general head over to The Rise of Mobile Gaming blog post.
Zynga
Owning titles such as Farmville, Words With Friends and Draw Something, Zynga is one of the largest mobile gaming companies in the world. In September 2019, approximately 200 million accounts were hacked from Zynga’s databases. The stolen information included email addresses, usernames, passwords, phone numbers and even some Facebook IDs. The supposed perpetrator, Gnosticplayers, claims to have poached an additional 7 million unprotected accounts from a discontinued game titled OMGPop.
This hack ranks as one of, if not, the largest in all gaming history.
Riot Games
Image Credit: Colin Young-Wolff/Riot Games
Riot Games, a giant in the industry with titles such as League of Legends and Valorant has been subject to numerous hacks and DDoS attacks since the early 2010s. The gaming firm experienced its first large scale assault in 2012 when hundreds of thousands of players belonging to the EU region had their private data exposed. This included names, passwords, email addresses and even encrypted credit and debit card details. Additionally, large numbers of players lost access to their accounts which resulted in an uproar as many players who had spent hundreds of dollars ended up losing their treasure trove of digital skins.
Since the 2012 hack, Riot Games has seen massive DDoS attacks in late 2013, throughout 2014 and in early 2020. These attacks resulted in League of Legends servers going down for numerous days and a ginormous gaming community waiting for the digital war between black hat hackers and cyber security specialists to end.
Fortnite
Using search data from Google and YouTube, Surfshark released a report in 2021 which stated Fortnite as the game with the largest number of hackers. From aimbot to wallhacks, Fortnite received a mind-blowing 26,822,000 hits online, nearly tripling second place Overwatch which has 9,279,829 online searches. Although this study might not be the most accurate method to count the specific number of cheaters in a game, it does provide an indication as to the most popular cheat infested titles. In third place sits old reliable Counter-Strike: Global Offensive with 6,706,182 hits. An interesting find from this study reveals that aimbots were 2 times more likely to be searched than wallhacks, so if you’re going to call out a cheater in game, they’ve probably installed an aimbot.
How Can Gamers Avoid Being Hacked
First of all, it is imperative to create long and difficult to hack passwords. These passwords should be a minimum of 9 characters long, with various upper-case and lower-case letters, numbers and special characters. Instead of thinking that your passwords should be a word long, they should be more akin to a short sentence in length. Additionally, do not reuse passwords. If one organisation or website gets hacked and you find yourself the victim of email address and password theft, hackers can simply copy and paste that information into the busiest logins on the web and they will steal all the private information possible.
This leads us to the next point, how do you store all your long, complicated and hard to remember passwords? By using a password manager of course. These will help organise your passwords and can also create difficult to crack passwords for new accounts as well. These password managers encrypt all their data with the latest encryption technologies which means if they were to be the victim of a cyber-attack the data that hackers retrieve would take years to be decrypted. Strong recommendations for password managers include Keepass, LastPass, 1Password and Keeper Password Manager.
Our next tip is turn on Multi-Factor Authentication on all accounts possible. By enabling this option and going through the rigmarole of setting up additional authentication steps, if a hacker was to steal your password it still wouldn’t be enough to access your accounts. It simply adds another layer of security for you and private data.
Additionally, it is also super useful for you to keep all your applications up to date as to avoid any bugs which could be exploited. Not to mention wiping your digital footprint will also assist in getting rid of malicious cookies and trackers you may pick up when browsing the web. This can be done regularly by changing your browser settings to delete your history on the regular, and don’t forget to delete old accounts which you will never use again. I’m looking at you ToonDoo, never again.