As more and more of our lives have moved to the cyberspace in the last two decades, the question of cybersecurity has come progressively more to the forefront in this period as well. Large scale cyberattacks, from hacks to DDoS attempts, can be debilitating to the receiving party- companies’ private data and information leaked for the world to see, or services forcibly suspended. Game companies have not been exempt from the dangers of cyberattacks either. In fact, we’ve seen more and more of these over the last few years, and each seems to be devastating in nature and massive in scope. Here are five of the more notable ones.
2011 PSN OUTAGE
One of the biggest cyber attacks against a gaming company to this day (or any company, for that matter), the 2011 PSN outage pretty much brought PlayStation to its knees for nearly a month. At the time, there were nearly 80 million registered PlayStation Network users across the PS3 and the PSP, nearly all of which were compromised. Access to the service was completely blocked, and private data from essentially all the accounts was stolen, from personal information to even credit card details. At the time, this was one of the biggest cyber attacks the world had ever seen.
So widespread and far-reaching were the results of this hack that the consequences and reactions spread far beyond just the games industry. Not only did Sony have to comply with queries and criticisms from organizations and commissions all over the world, there were even consequences from international governments, including monetary fines, while Sony would also go on to be slapped by multiple lawsuit due to the large-scale security breach. All in all, it took them over three weeks to deal with the situation and get things back in working condition.
2021 EA DATA BREACH
The Electronic Arts data breach is the most recent entry in this feature, but still quite large-scale. In early June, it was confirmed that hackers had managed to get into EA’s systems and steal source code for a number of things, ranging from FIFA 21 to the Frostbite engine itself, which was subsequently confirmed by the company itself in a statement. Over 780 gigabytes of data was stolen, which allegedly included software development kits for PlayStation and Xbox as well- though thankfully, EA confirmed that no private data of any players had been stolen.
While initially EA received no ransom demands for the data, the hackers would eventually turn to that. At first, they tried to auction off all the data they stole, and when they found no takers, they told EA to pay up, or watch all the data get leaked. EA, of course, did not acquiesce to the demand, and the hackers went ahead and put all of the stolen data on the internet for others to steal and download freely. Given how recent all of this is, we still likely haven’t seen the full effect of this cyber attack, but it’s clear as day even right now that it was a pretty large-scale incident. EA insists that it hasn’t affected their business or security, so there’s that.
2020 CAPCOM RANSOMWARE ATTACK
This one was absolutely devastating for Capcom. In November 2020, the company was hit with customized ransomware that hackers had used to get into their systems through an old backup VPN (that had been kept around to cope with the greater load on the servers due to COVID). Once the hackers got into Capcom’s systems, they managed to steal a lot of data. Personal details – from names to addresses to phone numbers – of over 15,000 past and current employees was stolen, and all in all, Capcom estimated that potentially as many as 350,000 people could have been affected (though the hackers did not, at least, get their digital hands on any credit card information or managed to compromise the company’s online services and networks).
What’s more, the leak also resulted in a surprising number of details and internal documents being leaked about games in development that had yet to be announced. Essentially, Capcom’s entire release schedule for the next three to four years was leaked in excruciating detail, with multiple entries in major franchises being leaked. It was, to say the very least, a huge bummer for Capcom, its employees, and all the people who got spoiled on the announcements that got leaked.
2012 RIOT GAMES HACK
Purely focused on making life miserable for League of Legends players and Riot Games at large, this 2012 hack was a devious (and persistent) attack that would give Riot quite the headache for a very long time. Hundreds of thousands of players had their private information stolen, including names, email addresses, passwords, and even encrypted credit and debit card details, while many players who had invested hundreds of hours into the game and spent large amounts of money on it through in-game purchases lost access to their accounts.
As you might imagine, the hack also resulted in quite a few DDoS attacks, ensuring that large quantities of players would find it pretty much impossible to properly play the game. One of the members of the hacker group responsible for the Riot Games attack was eventually arrested, though interestingly enough, that only happened after not one, but two large-scale cyber attacks against the company perpetrated by the same party.
2021 CD PROJEKT CYBER ATTACK
The last year has not been a good one for CD Projekt. Shortly after the rocky launch of Cyberpunk 2077, while the company was still reeling from the backlash against the game’s shoddy state and disappointing quality, they found themselves on the receiving end of a large-scale cyber attacks. Hackers managed to get into their systems and steal large quantities of data.
Source code was stolen for the Red Engine as well as for a number of games. Meanwhile, internal legal, human resources, and financial documents were also stolen, which, in turn, included private information for a number of company employees, and contracted workers who had worked with the developer. The hackers initially held the stolen data ransom, demanding that CD Projekt pay them in order to keep the data from being distributed. The company, of course, did not comply, and the hackers went on to sell the data to other unscrupulous parties.