The video game industry, privileged target of hackers

Looking back over the past 17 months, Akamai’s detailed report on Internet attacks reveals that hackers are essentially attacking databases containing private data and that players’ online accounts have become highly sought after.

Twelve billion! This is the number of attacks on websites between November 2017 and March 2019. Common to all these sites: the video game. That’s what the report by Akamai, an Internet safety state of play, is doing this year on the dangers in the video game industry.

These attacks are many and varied, and they put in light a phenomenon: the “credential stuffing.” This is theft of identifiers and passwords to access a multitude of other accounts using the same information to identify themselves. In the players, especially the younger ones, the use of the same username and password is very common.

Russia and Canada, main sources of attacks on players

This report also confirms that  SQL injection attacks (SQLi) account for almost two out of three attacks, up from 44% two years ago. It is by attacking databases, not applications or the game itself, that hackers manage to steal personal information from players. 

Then, once they have recovered an account, they can access the bank information and resell it on the dark web, or use it to buy options if they are themselves players. Another way to monetize this flight: resell the player’s account, and it can earn several thousand euros per player.

Looking more closely at the origin of credential stuffing, Russia and Canada are the two countries that target gamers the most, followed by the United States, Vietnam and India. Good news, France is not in the top 10 of the countries most targeted by its attacks, but it is also a sign that most servers are abroad.