There have been multiple occasions in which video game companies have been involved in cyber security incidents. While some aim to simply crash gaming servers, others aim to steal company secrets, property, and even player data. Cyber threats are extremely common in today’s world, and chances are you’ve either played or heard of games that have faced these challenges. The impact of these cyber security incidents can often be felt by gamers worldwide. Let’s explore some notable examples of video game companies who have grappled with cyber attacks and the measures taken to safeguard their players and platforms.
In 2021, hackers breached Electronic Arts, a major video game publisher, and stole source code used in their games, as confirmed by a spokesperson. The stolen data, totaling 780 gigabytes, includes the Frostbite engine, powering popular titles like FIFA, Madden, and Battlefield. The hackers claimed to have capabilities to exploit EA services and stole software development tools for FIFA 21 and server code for FIFA 22 matchmaking. Stolen source code might be replicated, sold on the dark web or used for creating game hacks.
Nintendo
In April 2020, individuals started complaining about money disappearing from their Nintendo accounts. Soon after, Nintendo disclosed a staggering breach of 300,000 user accounts, revealing that hackers exploited others’ Nintendo Network IDs without authorization. In addition to logging in to potentially play other users’ games, the hackers were also able to see individuals’ date of birth, country or region and email addresses. They could also access payment services linked to these accounts, including PayPal accounts or credit cards to buy items on Nintendo’s platform.
Riot Games
Riot Games recently faced a security breach where hackers infiltrated its internal systems, resulting in the loss of source code for its popular multiplayer title, League of Legends, along with another game, Team Fight Tactics (TFT), along with the computer code for an anti-cheat platform. The hackers demanded ransom from Riot Games to keep the stolen source code private, but the company publicly announced that they refused to comply. As a consequence, there’s a risk that the hackers may publicly leak or attempt to sell the stolen source code. While both games affected are free-to-play, the theft poses a threat due to potential exploitation by cheaters, who could use the source code to gain an advantage in gameplay.
In 2020, WildWorks the developer of online children’s game “Animal Jam” confirmed that information of to up to 46 million players was stolen as a result of a cyberattack on a third-party server. This data included, email addresses, player usernames, encrypted passwords, birth years, gender records, precise birthdates, and some parents’ full names and billing addresses. However, no real names of children were compromised. They later advised users to change passwords promptly, remain vigilant for potential phishing attacks.
Naughty Dog
Footage of Naughty Dogs game “The Last Of Us Part ll” was leaked prior to its release in 2020. The breach involved exploiting a security vulnerability in previous Naughty Dog games, allowing access to Amazon servers associated with The Last Of Us. Hackers obtained at least one terabyte of data from the server, including developer material for the upcoming game. Although the leaked footage included pivotal cutscenes and gameplay, it remains unclear if hackers acquired a playable build of the game.
Capcom
Capcom, the well known Japanese game developer behind titles like Street Fighter, Resident Evil, and Monster Hunter, faced a server breach that resulted in the compromise of the personal information of nine employees and potentially up to 350,000 customers and business partners. The accessed data included names, addresses, birthdays, phone numbers, email addresses, and photos. This breach was found to be orchestrated by the Ragnor Locker hacker group, who used a ransomware attack to target the company’s network.
Activision Blizzard
Activision, a leading game publishing company known for fan favorites such as Call of Duty and Spyro acknowledged a data breach that occurred late 2022, although they downplayed its severity. The breach involved stolen data, including employee and game-related information, after an employee fell victim to a phishing attack. While Activision claims to have swiftly responded and resolved the breach, cyber security researchers suggest otherwise. Screenshots shared by vx-underground, a cyber security research group revealed sensitive employee details, such as full names, emails, phone numbers, salaries, places of work, addresses, etc. contradicting Activision’s statement.
The gaming industry hold some of the best technological experts in the world and still despite best efforts, sometimes these breaches are unavoidable. This is exactly why proactive measures are crucial. By implementing robust security protocols and contingency plans, companies can mitigate risks and protect both their platforms and players. While cyber attacks remain prevalent, preparation is key. With proactive measures in place, the gaming community can stay resilient in the face of adversity, ensuring that the game goes on.