A Radical Shift in Online Threats to the Gaming Industry


As the global gaming industry grows, cybercriminals are taking notice. Online threats to gaming companies are continuing to emerge so here’s what businesses need to look out for in 2023.

A thriving industry means increased online threats

The global gaming industry is predicted to reach $435 billion by 2028. This remarkable upward trajectory has sparked interest among cybercriminals, who have detected an opportunity to take advantage of gaming companies and players alike.

The last year has seen a startling 167% increase in web application attacks against gaming companies. ThreatMetrix Gaming and the Gambling Cybercrime Report found that some 5% of all new accounts created on online gaming platforms and websites are actually held by fraudsters. And in an 18 month period between 2020 and 2022, the gaming industry was overwhelmed by a stunning 10 billion in credential stuffing attacks

The space has recently been rocked by a number of major online attacks that have resulted in major financial losses for gaming companies. In March 2022, hackers breached Axie Infinity’s bridging protocol, Ronin. The cybercriminals were able to steal $625 from the company’s coffers. After the attack, Axie Infinity boosted their security firewall by leveraging bot-screening tool GeeTest. 

In 2021, hackers stole a massive amount of data - 780GB - from gaming industry titan Electronic Arts (EA). That data included trade secrets and proprietary technology, such as game source code and tools for several best-selling games. In blog posts published on underground hacking forums, the cybercriminals behind the online attack even boasted about the data they’d obtained.

It’s critical to note that a successful cyber attack can seriously impact players’ trust in your company and spell disaster for your bottom line.

“Players of games depend on trust, credibility, and predictability when leveraging a brand's game,” says Jonathan Shroyer, a senior executive at consulting firm Arise Gaming. “If they find out there was a hack, or fraud, or other security issues, you will see a dramatic drop in gameplay and spend.”

Major online threats to gaming companies: What you need to be aware of

There are a number of external vulnerabilities facing the online gaming industry. 

  • Online marketplaces may offer cheats and hacks and MAP violations for sale to the highest bidder, or anyone willing to pay.

  • Fake promo codes, fraudulent affiliate accounts, and brand impersonation all run rampant on social media.

  • Third party websites may be used by cybercriminals for phishing and typosquatting.

  • Cybercriminals can leverage paid ads for traffic stealing and malicious links.

  • App stores may unknowingly host illegal APKs and fake app websites.

  • Social media impersonations of executives and brands pose a serious threat. Working with The Sandbox, we removed 120 phishing sites and 58 fake social media accounts from major social media platforms.

It’s clear that a robust approach towards online threats, regardless of platform, is critical for gaming companies to safeguard their proprietary technology, brand reputations, and customer data.

What can be done?

There are a number of steps that gaming companies should consider when crafting your online cybersecurity strategy.

  1. Creating a digital threat map puts you in control

    They help you focus your online cybersecurity strategy. Tools that check connections between digital entities in the digital sphere help you connect the dots and understand exactly where you need to pay close attention. 
  2. Assess vulnerabilities:

    Talk to cyber security experts about the strength of your organization’s cybersecurity policies. Use your digital threat map to analyze and prioritize vulnerabilities, and to uncover scam networks across the board.
  3. Ensure staff and customers are trained on phishing: 

    Your people are one of your best assets for cybersecurity, so be sure to teach both employees and users about phishing and other cybersecurity threats. Ensure that your staff are properly trained to recognize and prioritize cyber risk. Reaching out to your customers and educating them to be aware of the dangers they’re facing, as well as providing them with practical tools for protecting their personal data, is crucial.

  4. Protect the data that your company holds and collects

    That means rolling out data retention policies that require the deletion or de-identification of data after a set period of time. It’s also a good idea to create a company culture that sees data shared on a need-to-know basis, rather than an environment where 
  5. Enforcement experts are extremely important for your company

    They can analyze online threats to determine the most efficient course of action for your organization. You should invest in a robust anti-phishing software solution that includes capabilities such as website duplication detectors and blacklists, among other features.

  6. Monitoring social media: 

    Social media has become the ultimate arena for gamers to communicate and enhance their gaming experience. Scammers know that and focus on social media to impersonate popular gaming platforms, gaming companies, and even CEOs of these gaming companies. Monitoring leading social media platforms enables you to quickly detect scams that users and employees may encounter and is a critical step for your gaming company’s cybersecurity strategy. 

How BrandShield’s gaming industry expertise can help

Unsure of where to start when it comes to your cybersecurity strategy? Don’t stress. We’ve got you.

BrandShield can help create a roadmap to cybersecurity for your gaming company, that’s tailor-made to fit your business’ unique needs. We’re a trusted partner of industry-leading gaming brands, and have extensive experience in developing robust, powerful online protection for gaming companies.

To learn more about how we can boost your company’s protection from online threats and help safeguard your customer information and brand reputation, get in touch with us today.

Don't wait, speak to us