The world of electronic gaming has practically eclipsed other forms of entertainment in terms of combined income, and was expected to rake in 170 billion by the end of 2020. Which isn’t far off, as gaming has taken the place of other social activities and sports events. By 2022, that amount could reach 200 billion. Gaming therefore is now expected to be the next lucrative source of income for hackers aside from healthcare.
The gaming industry’s struggle against cybercrime is nothing new as there have been several notable instances of cybercrime against gaming companies and gamers, most notably the attack on Sony Playstation Network of 2011 followed by the hack on Sony Pictures on 2014 and lately, the hack on Naughty Dog in 2020. Primary targets by hackers are user accounts from game companies which include credentials which often leads to credit card details. It’s no longer a game of being able to run games without paying. This time, they’re in it for a chunk of that 200 billion-dollar pie.
According to cybersecurity company Kela, there exists a massive ecosystem of buyers and sellers of compromised gamer accounts, gaming employee credentials and other sources which has notably grown in 2020. The market has only grown thanks to the current pandemic keeping everyone inside literally twiddling their thumbs. These hacked credentials cost only a few dollars a set, which of course amounts to millions when totaled, considering the hundreds of thousands of harvested credentials in the wild. While there are hackers who harvest, there are also attackers.
Where some hackers sell credentials in bulk on the cheap, others will buy and sift through them to gain a fortune and cause all sorts of damage; as these cheap credentials include some hidden gems such as those belonging to higher profile employees.
Organizations, not just those related to gaming, are encouraged to have their employees use unique rotating passwords so harvested credentials have less chance of infiltration as well as promote awareness against online phishing attempts.