Akamai Reports a Rise in Game Hacking During the Pandemic

Cyberattacks against gamers have increased during the coronavirus pandemic, according a report from cloud services company Akamai, which detailed that hackers attempted almost 10 billion credential-stuffing attacks to take over accounts. Akamai security researcher Steve Ragan, who wrote the report, noted that, “as games move online and leverage cloud infrastructure and cross-platform and cross-generation play, that’s an attack surface.” “The bigger the attack surface, the more room [hackers] have to play,” he added.

VentureBeat states that the report also “examines motivations driving the attacks and steps gamers can take to help protect their personal information, accounts, and in-game assets.” Ragan explained that when the pandemic hit, gamers “went deeper into their games … [which was] good for criminals.”

Akamai revealed that, between July 2018 and June 2020, it tallied 10.6 billion web application attacks, “more than 152 million of which were directed toward the gaming industry.” The majority were SQL injection (SQLi) attacks which “exploit user login credentials, personal data, and other information stored in the targeted server’s database” although the other notable strategy was Local File Inclusion (LFI), “which can expose player and game details that can ultimately be used for exploiting or cheating.”

The report added that, “between July 2019 and June 2020, more than 3,000 of the 5,600 unique distributed denial of service (DDoS) attacks … were aimed at the gaming industry, making it by far the most-targeted sector.” It stated that, because “the gaming-related DDoS attacks spiked during holiday periods, as well as typical school vacation seasons,” it appears that “the responsible parties were likely home from school.”

But in a survey Akamai conducted with DreamHack, although 55 percent of gamers who identified as “frequent players” admitted to having been hacked, only 20 percent said they were “worried” or “very worried” about it. “There’s a huge disconnect there, even though a lot of players couldn’t recover a compromised account,” said Ragan, who added that players should be worried because “hackers can lock users out of compromised accounts and buy a bunch of things … [and] the user gets stuck with the bill.”

But the Akamai/DreamHack survey also found out that “54 percent of respondents who acknowledged being hacked in the past [feel] it is a responsibility that should be shared between the gamer and game developers/companies.”

TechRepublic reports that the report, “2020 State of the Internet/Security: Gaming – You Can’t Solo Security,” provided tips to gamers for protecting their accounts. First, it encouraged gamers to “never share or recycle passwords and should rely on a password manager to more easily take control of their credentials.”

Multi-factor authentication (MFA) — which is encouraged by Epic Games, Ubisoft, Blizzard, Valve and others — lets the user “set up multiple ways to confirm your identity” but two-factor authentication “can serve in a pinch.” It encourages gamers to “log in through official gaming apps and services and not through third parties … [and to] remember that no customer support or company representative for a game you play will ever ask for personal or financial information or authenticator codes for you to use your game or account.”