11 massive video game companies recently targeted by cybercriminals

Next story

ESET UK has delved into the biggest cyber hacks in the gaming industry to date. There have been multiple major cyberattacks and security breaches involving video game companies. While some of these attacks aimed to overload and crash the gaming servers through a DDoS (denial of service attack), and some targeted company secrets and IP, many specifically targeted each company’s player base.Below, we’ve highlighted some of the most significant attacks on video game companies in recent years to show how widespread/common these attacks are.

1.Activision Blizzard 

One of the most-hacked video game companies is Activision Blizzard, the publisher of Overwatch, World of Warcraft, and Call of Duty. This year alone, there were at least two major DDoS attacks on Activision Blizzard, both disrupting servers and preventing people from playing. The first attack in January targeted World of Warcraft servers, while a more recent attack in November disrupted online services for four major games.

2.Nintendo

Nintendo was the victim of a security breach in 2020 in which 300,000 accounts were compromised. Hackers accessed enough of account owners’ data to enable fraudulent activity and were also able to spend account owners’ money to buy in-game currency as well as having access to other payment services linked to the Nintendo system. Nintendo responded by refusing victims of unauthorised transactions and urging all users to update their passwords using two-factor authentication.

3.CD Projekt Red

CD Projekt Red revealed in February 2021 that it had been the victim of a cyberattack on its internal network. Hacks temporarily locked CDPR out of their servers, meaning they could not access any important documents and managed to steal the source code for both Cyberpunk 2077 and The Witcher 3. CDPR refused to pay the ransom for the stolen data and the hacker auctioned it off on the dark web, reportedly receiving $7 million in return. 

4.EA

In June 2021, Electronic Arts was the victim of a data breach in which hackers managed to steal the source code for various company IPs. The total amount of stolen data was more than 780 GB, including the source code for FIFA 21, the Frostbite engine, and software development kits for the PlayStation and Xbox. EA refused to pay the ransom, and the data was leaked online for anyone to illegally access and download. Fortunately, no private data belonging to players was stolen by the hackers. 

5.Capcom

Capcom, the company responsible for Resident Evil, Monster Hunter, and Street Fighter, was the victim of a severe security breach in November 2020. Private company files were stolen and encrypted with Capcom’s final breach assessment stating 15,649 player records were lost. The hacker demanded a ransom of $11 million for the data to be decrypted and not released to the public. Capcom did not attempt to pay the ransom, and the data was leaked. This included the stolen personal data, names, addresses, phone numbers and email addresses of players. 

6.Riot Games

Riot Games has seen a whole catalogue of DDoS attacks over the years, bringing down the servers of the popular online game League of Legends, much to the dismay of gamers. The company was recently subjected to a DDoS attack that targeted the team-based competitive tournament mode of League of Legends, Clash. In January of 2021, the Clash servers were severely affected, causing cancelled scheduled tournament games and refunded tickets. 

7.Blank Media Games

A much smaller game studio, Blank Media Games, saw a data breach in 2018 showing that cybercriminals are just as comfortable targeting small companies. The data breach was massive, seeing over 7.6 million accounts affected. A spokesperson for Blank Media Games confirmed that usernames, passwords, IPs and email addresses were compromised, but no payment information was available to the hackers. 

8.WildWorks

Animal Jam is an MMO designed for children up to 12 years of age, launched in collaboration with the National Geographic Society. In October 2020, the game was subject to a massive data breach which affected approximately 46 million account records. Thankfully, no payment information was revealed through this breach, and WildWorks ensured that any potential passwords exposed were useless by requiring all accounts to change their login details.

9.Epic Games

In 2018, Epic Games was subject to a large-scale data breach that compromised the security of millions of Fortnite user accounts, with hackers selling many of them on the dark web and making thousands through hacked in-store purchases. This breach also allowed cybercriminals to listen in on chats between accounts, which children mostly hold. This hack was made possible due to an old unsecured page on the Epic Games website, initially coded in 2004, highlighting the importance of keeping your website and security up-to-date.

10.Naughty Dog

One of the biggest games of 2020 was the hotly anticipated The Last of Us 2. Before its release, however, Naughty Dog was the victim of a hack that leaked significant spoilers for the game. The Last of Us is heavily plot-dependent and this was a disastrous leak for the studio and fans alike. Video game journalist Jason Schreier reported over Twitter that “Hackers found a security vulnerability in a patch for an older ND game and used it to gain access to ND’s servers”.

11.Ubisoft

In late 2020, hacker group Egregor gained access to the internal networks of Ubisoft. This allowed them to steal the Watch Dogs: Legion source code and post it online for anyone to download. Ubisoft was subject to another cyberattack in March 2022 that caused temporary disruption to its games and services. 

Methodology

We wanted to reveal some of the most significant recent security breaches in the video games industry and highlight the need for gamers to take their online security seriously. To do this, we scoured the internet for examples of video companies targeted by hackers and chose to highlight the most recent hacks at the most prominent companies.

We used data from influential digital publications such as Eurogamer, Techradar, Forbes, TechCrunch, Gamingbolt, AnimationXpress and Dark Side of Gaming, and information from strong and Wikipedia.

We then paired this information with a short guide to protecting your information online and limiting the damage a potential leak of your private data could do.