Gamers are already familiar with the situation of being hacked and having their accounts compromised, especially in cracked games. But now, game publishers and developers are experiencing similar attacks.
On June 10, Electronic Arts became the latest victim of hackers targeting game source code and data. Earlier in February, the renowned Finnish developer CD Projekt was attacked with a ransom demand using similar tactics to the attack on Capcom in November 2020.
The attacker stole important data and warned Capcom by leaking the company’s game release schedule.
In the two recent attacks, hackers claimed to have obtained the source code for the FIFA series and Cyberpunk 2077, along with a library of source code and digital assets, known as the game engine used to create games. Instead of demanding a ransom, the hackers stated they would auction off these source codes.
In response to the attack, CD Projekt announced that they have rebuilt their core infrastructure, upgraded firewalls, expanded their internal cybersecurity team, and encouraged third parties to assist in ensuring cybersecurity.
EA stated that they lost source code and related tools in the attack but believe that user data is not at risk. Subsequently, EA has strengthened its internal penetration testing team based on the methods outlined in the executive order to enhance cybersecurity signed by President Biden on May 12.
As for Capcom, in a report on April 13, the Japanese game company stated that they have upgraded their technology and established a Cybersecurity Oversight Committee. Related issues were also addressed in this report.
Studios often face enormous challenges in the gaming industry. They must continuously transfer data in and out of online game servers, which means they need security tools customized for different game servers.
Additionally, the high turnover rate in the gaming industry means that entire development teams can be replaced once a project is completed. This creates a scenario where more people have access to sensitive data, posing challenges for security.
Once hackers obtain the source code, they can sell it or use it to attack the game in unforeseen ways. For example, by infiltrating the core functions of the game, hackers could create a tool that allows them to impersonate the publisher and send phishing emails to all players.
 |
Furthermore, counterfeit versions of games could be created with embedded malware for distribution. Although the Play Store and App Store have strict protective measures, such counterfeit versions can be distributed in the secondary market under enticing offers such as hacks, free versions (of paid games), and localized language versions (of games that are only in English)…
Hacking tools not only spread malware but also lead to declining game revenue, especially for competitive games like eSports.
In March, market research company Newzoo estimated that eSports market revenue would reach $1 billion in 2021, with 474 million global viewers. Overall, the gaming industry’s revenue in 2020 equaled that of the American film and sports industries combined, according to estimates by International Data Corp.
In the future, business models such as in-game item sales could be harmed by hackers analyzing source code and finding ways to attack.
EA’s online service revenue currently accounts for 71% of net revenue, reaching $4.01 billion in the fiscal year 2021. Approximately $1.62 billion of this came from FIFA’s Ultimate Team online mode.
EA hopes that the recent attacks will not affect the company’s business operations or stock value on the stock market.
According to WSJ