Home / Technology / News /  Gamers in the crosshairs as hackers play spoilsport
Listen to this article

NEW DELHI : On 23 June, Hyderabad-based gamer Siddhartha Anumula posted a thread on Twitter, detailing how he fell prey to a hacker on Sony’s PlayStation Network (PSN).

Anumula was first logged out of his PSN account on 17 June. After this, the hacker used the credit card details saved on Anumula’s account to buy games worth 11,000. Sony subsequently suspended Anumula’s account for chargebacks.

Anumula’s angst is just an example. As the Indian gaming market grows, cyberattacks on gamers have become rampant.

Three in four gamers in India have experienced some form of a cyberattack on their gaming account, as per a November report by security firm NortonLifeLock. Four in five gamers lost a little under 8,000 on average because of these attacks, the report said.

“With the advent of real money games and more developers building in-app purchases into their gameplay and more transactions taking place within games themselves, there is a greater opportunity for criminals to capture high-value data like banking information and personal identifiers," said Sidharth Pisharoti, regional vice president - India, South East Asia and Asia-Pacific Japan, Akamai Technologies.

Gaming apps today are “no different" from fintech and banking applications, which store personally identifiable information (PII) for transactions, Pisharoti said.

Media consumption habits have undergone a major shift after the pandemic. In August, market research firm ENV Media Analysts reported that major app and game distributors, including Google Play and Apple App Store, saw a 50% jump in engagement over the past year. Around 62% of Indian gamers interviewed for the Norton survey said they started online gaming during the pandemic.

Like most users, gamers might also be easy targets because of their behaviour online. Many gamers admit that they partake in “risky behaviour" online, such as sharing personal information, repeating the same username, passwords and more, said Ritesh Chopra, director, sales and marketing, India and SAARC, NortonLifeLock.

Gamers are not the only ones under fire. Gaming firms have seen a significant increase in attacks too. Akamai had recorded a 340% year-on-year increase in attacks on the gaming industry last year, Pisharoti said. “Credential stuffing" and “bot attacks" jumped by 224%, he said.

Credential stuffing is a type of cyber attack where attackers use data obtained from one data breach to login to unrelated services. In bot attacks, hackers use automated web requests to defraud users, disrupt services and steal data.

Attacks had grown “in the last few years", agreed Amit Sharma, chief technology officer, DreamSports, the parent company of fantasy sports platform Dream11.

Akamai also noted that while distributed denial of service (DDoS) attack volumes dropped by 20%, the ones that occurred were still “massive" and disrupted communications of gameplay. In these attacks, hackers disrupt services by overwhelming the servers with automated traffic.

“We have seen an increasing number of cases where malicious agents are able to manipulate leaderboards and breach the all-important trust that is essential for the industry to thrive," Pisharoti said.

Gamers disregard internet best practices to get ahead, while gaming firms often deprioritize security in the rush to launch new games, he noted.

Lastly, the growing interest in non-fungible tokens (NFTs) and blockchain gaming is another factor that makes targeting gamers lucrative.

Chopra said that there have been multiple cases of “game developers having their work copied without permission" and sold as NFTs.

This process is known as “sleepminting" and can also allow a fraudster to mint an NFT from the game developer’s wallet and transfer it back to their own account without alerting them.

To be sure, gaming companies are taking measures to protect themselves too.

Dream Sports said it has a security team that looks at application security, data security and cloud security. The company also has a bug bounty program and runs penetration tests frequently with help from cybersecurity companies.

“Internal teams also work closely with our developers to ensure there are no vulnerabilities when things are going live. We also vet the tools thoroughly before using them," said CTO Sharma. Regional language focused gaming platform Winzo also said that spending on cybersecurity is a “top priority" for the company.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Recommended For You
Edit Profile
Get alerts on WhatsApp
Set Preferences My ReadsFeedbackRedeem a Gift CardLogout