Cyber criminals are taking aim at online gaming for their next big pay day

Researchers find a million compromised corporate accounts of game companies on underground forums, and warn that the industry is a lucrative target for malicious hackers.
Written by Danny Palmer, Senior Writer

Nearly one million compromised accounts providing internal access to video game companies are up for sale on dark web forums as cyber criminals increasingly turn towards the online-gaming industry as a high-value target, a security company has claimed.

The online-gaming industry is set to reach almost $200 billion in revenue by 2022. But despite this, some areas of the industry still aren't prioritising security – and that could put organisations and their customers at risk from hackers.

Cybersecurity company Kela examined underground forums and found an ecosystem based around buying and selling initial network access to gaming companies, as well as almost one million compromised accounts of gaming employees and clients up for sale – with half of those being listed in 2020 alone.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Compromised credentials up for sale – often only for just a few dollars – include usernames and passwords for all manner of business resources used by employees throughout gaming companies, including admin panels, VPNs, developer environments, client facing resources and more.

But in some cases, cyber criminals don't even need to scour underground forums for adverts selling compromised accounts – researchers say there are 500,000 leaked credentials available for free as a result of previous data breaches.

These include what the company described as "high-profile email addresses such as senior employees and email addresses that are generally a significant channel in the company" including finance, HR and IT support.

With this sort of information in their hands, cyber attackers could gain access to the wider network – or even the networks of other businesses that form part of the compromised target's supply chain.

These could be attacks designed to harvest additional credentials for additional exploitation or it's even possible that the compromised credentials could be used to deploy ransomware on the network. 

Online gaming can be a lucrative business and cyber criminals know this which is why there's been an increase in underground activity looking to target these businesses, with users either selling or asking for access to online-gaming companies around the world to varying degrees.

In once instance, researchers messaged a seller who was offering access to the cloud storage of a "major game developer" – and the sellers offered access to that resource, as well as a "major Japanese game developer", suggesting that some of the hackers in this space have much wider access to compromised companies than first thought.

"As we've all been observing – attacks and attackers are becoming more sophisticated and customized to the victim. Some attackers try to search for the specific data and information that is relevant to the scope or industry of the victim and reproduce the successful attacks," researchers said in a blog post.

SEE: How do we stop cyber weapons from getting out of control?

In order to help prevent online-gaming companies having credentials stolen or falling victim to other cyberattacks, it's recommended that they implement unique passwords for employees – so that they're not using the same passwords in two places, meaning that if they can be identified in another breach, the password won't work with their corporate account.

It's also recommended that organisations apply multi-factor authentication policies across the business, so if cyber criminals do gain access to corporate login credentials, it's much harder for them to gain access to the network and to move around it.


Editorial standards