Rocked! Cyber attacks in the gaming industry are getting worse

By Eden Winokur, Sam Tempone and Chloe Taylor

This week Australia will be home to the biggest games event in the Asia Pacific. In its eighth year, Melbourne International Games Week returns to Melbourne.

While this ought to be a week of celebration, it comes at a time where the industry is heavily targeted by cyber criminals. With recent high-profile data breaches suffered by organisations such as Rockstar, Uber and Optus (see our article No Optus – Australia’s largest data breach for more detail), all organisations should be proactively thinking about how they can protect themselves from cyber criminals, the type of personal information they collect and the best way to secure their customer’s personal information.

Key trends and developments

The gaming industry is one of the world’s largest and fastest-growing entertainment sectors. The market is estimated to be worth $240 billion globally in 2020 and to reach $294 billion in 2024.^[1] In Australia, the demand for digital games is expected to reach $6 billion in 2022 with a forecast growth of 9%.^[2]

In August 2022, cyber security company Akamai Technologies reported that cyber attacks on player accounts and gaming companies had increased dramatically over the past year. This includes a 167% increase in web application attacks – putting gamers and their data at risk.^[3]

Over the past three months, there has been a series of high-profile cyber attacks suffered by gaming organisations. This includes Roblox, Neopets and Bandai Namco who were all hit with data breaches within three weeks of each other.^[4]

The most notable data breach was suffered by Rockstar, when its network was infiltrated and more than 90 videos and images from the hotly awaited next instalment of the Grand Theft Auto franchise were exfiltrated and shared on an online forum. How did the hacker gain access to Rockstar’s server? The hacker claims by breaching Rockstar’s internal feed on the Slack messaging app used by employees.

Cyber criminals not only attack gaming organisations – but often the end user. One of the key trends contributing to this (and the exponential growth of the gaming industry) are microtransactions. Microtransactions are where users can purchase virtual goods with micropayments (which can range from decorative character attire or virtual coins to be spent in-game). The microtransaction market is expected to reach over $100 billion by 2026, creating an enormous target for cyber criminals.^[5] That’s a lot of personal information and credit card details being held by gaming companies, ripe for criminals to capitalise on spending power.

The industry is also targeted for 37% of all DDoS attacks (more than the financial sector).^[6]

What can you do?

The key trends and developments make it clear that gaming organisations need to prioritise cyber security and how it can best protect its consumers and their data.

Gaming organisations (whether developers, distributors or retailers) should be:

• making enquiries with cyber security experts to determine the strength of the organisation’s cyber security policies and procedures – and battle-testing the systems to identify any vulnerabilities;
• educating both employees and users about phishing and other cyber security threats;
• analysing and considering what information the company holds and collects. This includes any data retention policies that involve the deletion or de-identification of data (in accordance with regulatory obligations set out in the Privacy Act 1988 (Cth)); and
• ensuring staff are properly trained to prioritise cyber risk.

Gamers should also take steps to protect themselves from cyber criminals. This may include:

• being hyper-vigilant when it comes to any direct messages you receive from other gamers (especially where the message includes a hyperlink that will re-direct you to a web-browser outside of the messaging platform);
• using strong passwords; and
• enabling multi-factor authentication when offered by the platform you are using.

If you would like to discuss your organisation’s cyber hygiene and strategies to mitigate risk, please contact our team of cyber experts at Hall & Wilcox.

^[1] https://www.dfat.gov.au/about-us/publications/trade-investment/business-envoy/business-envoy-february-2022/booming-australian-digital-games-industry
^[2] https://www.invest.vic.gov.au/__data/assets/pdf_file/0004/696739/Invest-Victoria-Digital-Games.pdf
^[3] https://www.akamai.com/resources/state-of-the-internet/soti-security-gaming-respawned
^[4] https://www.cshub.com/attacks/articles/data-breaches-on-gaming-sites-are-becoming-more-common
^[5] https://securitybrief.com.au/story/research-shows-attacks-on-the-gaming-industry-are-getting-worse
^[6] https://securitybrief.com.au/story/research-shows-attacks-on-the-gaming-industry-are-getting-worse