Cyberattacks against the video game industry and gamers

Cyberattacks against the video game industry have surged in recent years, with the aim of extorting companies and stealing user accounts to sell them illegally

After several delays, one of the most anticipated video games in history, Grand Theft Auto VI, will be released in 2026. However, we’ve known some details about this video game since 2022. Why? A London teenager who was part of the Lapsus$ group successfully attacked servers belonging to Rockstar Games, the developer of the GTA series.

The cybercriminal released snippets of the video game’s source code and images that revealed features such as camera angles and locations within the game’s city.

This case is not an isolated incident; cyberattacks against the video game industry have proliferated in recent years.

Furthermore, it is not only video game development companies that are in the crosshairs of criminal groups, but also hundreds of millions of players worldwide.

What can video game companies do to defend themselves and their players against malicious activity?

Below, we outline the threat landscape and highlight why cybersecurity and cyber intelligence services are key to preventing incidents and managing them effectively.

DDoS Attacks: Taking Down Video Games with Millions of Users Worldwide

The video game industry is the sector most targeted by DDoS attacks globally, and these attacks continue to rise year after year.

Why? Many of the most famous titles are played online in open worlds where millions of players interact.

In October 2025, the Aisuru botnet disrupted the Steam platform—used by millions of users to purchase game subscriptions—and popular games like League of Legends (LoL), Counter-Strike 2, and Dota 2.

Something similar had happened a few months earlier with Battle.net, another online video game developed by Blizzard, the company behind successful games like World of Warcraft (WoW) and Diablo. The company acknowledged that it had suffered a DDoS attack that had caused problems accessing the game and resulted in disconnections.

What are the objectives of these cyberattacks against the video game industry?

• To extort companies by demanding a ransom in exchange for ceasing the attacks.
• To harm the companies behind online video games, which lose millions of euros every hour, they cannot operate normally.
• To make direct profits by manipulating online tournaments. Many games, such as LoL and FIFA, have competitive championships; boycotting or disrupting them can be very profitable for criminals.

Exfiltrate corporate strategy and information about future releases

One of the most notorious cyberattacks against the video game industry in recent years involved the ransomware group Rhysida and the Sony-owned company Insomniac Games.

In late 2023, Rhysida exfiltrated over 1 million files stolen in a ransomware attack on Insomniac. Among the leaked information were details about Wolverine, a future release from the company, an agreement with Marvel to produce three video games, and personal information of company employees.

A year later, Game Freak, the company that develops the Pokémon video game series, disclosed another data breach that affected employees’ data, as well as source code and art designs for its upcoming video games.

What are criminals seeking with these cyberattacks against the video game industry? Primarily, to collect millions in ransom. In fact, Insomniac was demanded a ransom of $2 million.

Why are these cyberattacks against the video game industry critical for companies? They expose the company’s strategy, leaving it vulnerable to competitors who may learn about upcoming releases and the business roadmap.

Additionally, they cause direct financial damage. For example, in the trial of the cybercriminal behind the attack on Rockstar Games, the company argued that the incident had cost it $5 million.

Obtaining player data to commit fraud against them

Cyberattacks against the video game industry are often aimed at stealing players’ personal information.

In fact, a ransomware attack against the Japanese company Capcom resulted in a criminal ransomware group obtaining the personal data of 350,000 players, including some financial information.

As with incidents affecting companies in other sectors, this information allows malicious actors to launch fraudulent campaigns against citizens or sell data on the Dark Web to other actors for fraudulent operations.

Just a few days ago, NationStates, a multiplayer browser-based video game, confirmed a data breach and took its website offline to analyze what had happened and fix a critical code vulnerability that had allowed unauthorized access to player data.

Hijacking player accounts and selling them on criminal marketplaces

When addressing cyberattacks targeting the video game industry and the millions of players worldwide, we cannot overlook the role of social engineering.

For example, during the attack on Rockstar Games, the cybercriminal infiltrated the company’s internal Slack channel by posing as an IT team member.

As we always point out, in many cases, cyberattacks originate from social engineering techniques that provide malicious actors with a point of entry into the companies they target.

Beyond this, it is also important to consider the role social engineering plays in deceiving the gamers themselves. Cybersecurity experts have warned of millions of attack attempts targeting some of the world’s most popular video games, including GTA, Minecraft, and The Sims.

How do these attacks work? Criminal groups offer cracked versions of games so users don’t have to pay, expansions that may appeal to players, or cheat documents to help them succeed in the game.

However, behind all this lie files infected with malware that, once installed on victims’ devices, allow criminals to steal their game login credentials or monitor their activity. To what end? To steal their Steam or video game accounts and then sell them on the Dark Web or in closed forums on apps like Telegram.

This malicious practice demonstrates that cyberattacks against the video game industry can cause severe economic damage to both the companies that develop and market their products and to the players themselves.

Gamers have become a key entry point into corporate systems for malicious actors

As we just noted, malicious actors use search engines and content-sharing platforms like YouTube to promote purported versions of massively popular games, such as Roblox, to younger audiences.

In this way, they trick users into downloading executables that appear to function perfectly, but which are secretly running an infostealer.

This malware can access passwords stored in browsers, session cookies, authentication tokens for professional applications, and even corporate VPNs if the compromised computer is also used for work.

This malicious practice demonstrates that gamers have become a primary entry vector into corporate environments. In fact, a recent study indicates that 40% of infostealer infections originate from video game-related files: mods, cracked games, cheats, etc.

Impersonating games to infect the mobile devices of thousands of people

When discussing cyberattacks against the video game industry, it is important not to overlook mobile games.

For example, criminals have impersonated Hamster Kombat, a mobile game with 250 million users worldwide. As a result, many people have downloaded fake versions of the software that can install spyware and infostealers on their devices.

The impersonation of manufacturers and game brands can thus cause thousands of people to fall victim to scams and, at the same time, damage the reputation of legitimate companies, even though they have absolutely nothing to do with the fraudulent use of their brand.

A classic that lives on: Console jailbreaking opens the door to piracy

When it comes to cyberattacks against the video game industry, we cannot overlook hardware protection against piracy. Yes, we’re talking about consoles and the ability to hack them.

A few days ago, it was reported that the PlayStation 5’s ROM keys had been leaked. This would allow jailbreakers to attempt to decipher the console’s bootloader. Furthermore, these keys cannot be changed because they are directly embedded in the devices’ APUs. Thus, to address this security flaw, the consoles’ chips would need to be replaced.

If the keys are valid, a jailbreaker could decrypt and analyze the bootloader, thereby understanding how the PS5’s boot system works. This would be the first step for malicious actors to create a modified operating system for the console, thereby facilitating the pirated installation of games, as happened years ago with another of the world’s best-selling consoles: the Nintendo Switch.

Cyber Intelligence Services Against Fraud in the Video Game Industry

What we have highlighted in the last two sections underscores the need for video game manufacturers to have cyber intelligence services to investigate and analyze fraud that directly impacts their revenue generation.

How can a cyber intelligence team help companies combat fraud?

• By identifying the tactics, techniques, and procedures of actors who impersonate manufacturers or carry out account theft and their subsequent illegal sale.
• By detecting fraudulent campaigns and deploying countermeasures to neutralize threats.
• By studying the digital footprint of these actors to trace their actions technically.
• By automatically searching for criminal sales channels.
• By implementing preventive and mitigation measures.
• By helping to mitigate the impact of fraudulent operations on brand image.
• By calculating lost profits and the economic and reputational impact of fraud.
• Preparing expert reports for legal proceedings against malicious actors.

Cybersecurity Services to Combat Cyberattacks Against the Video Game Industry

To address cyberattacks against the video game industry that jeopardize critical corporate information and the personal data of customers and employees, it is essential to have advanced cybersecurity services:

• DoS Testing. As we have already noted, video game developers are the primary targets of DDoS attacks. Therefore, it is critical that companies subject their online games to DoS tests that simulate attacks in controlled environments to improve the resilience of backend systems, strengthen auto-scaling capabilities, and identify vulnerabilities that could facilitate such attacks.
• Social engineering tests. These tests simulate social engineering campaigns to assess whether an organization’s staff is trained to handle these techniques. Thanks to these tests, it is possible to train professionals and prevent them from becoming an entry point for malicious actors.
• Source code audits. The video game industry is extremely competitive and increasingly economically significant. This means that not all necessary controls and security best practices are applied when designing games and writing code. A source code audit enables the detection of security flaws in game code, allowing them to be addressed before they are exposed in a production environment.
• Continuous security audits to detect weaknesses once the game is already on the market. These audits help identify application vulnerabilities related to web server configurations or the use of software and frameworks with weaknesses.
• Vulnerability management. Monitoring vulnerabilities affecting a video game and prioritizing their mitigation based on potential impact and likelihood of exploitation is essential to preventing cyberattacks against the video game industry.
• Penetration Testing. Advanced penetration tests simulate cyberattacks in controlled environments to identify the weaknesses an attacker could exploit to steal confidential information, crash a video game, or gain unauthorized access to corporate assets. Additionally, penetration testers compile a list of recommendations to address all weaknesses found during the test.
• Proactive Incident Response. Detecting cyberattacks early and implementing measures to assess the scope of the compromise, respond to the incident, and expel the malicious actor are essential. Above all, given that a cyberattack that jeopardizes business continuity can result in millions in financial losses for a company, and that, in the case of online games, operational continuity is absolutely essential.

In conclusion, it is critical to protect a multi-billion-dollar industry and its users.

Ultimately, cyberattacks against the video game industry pose a major threat to a market already estimated at $300 billion and projected to continue growing steadily.

Cybercriminals are aware of the economic and social significance of video games and, as a result, have set their sights not only on the companies that develop and market games but also on the hundreds of millions of people who play them regularly.

Video game companies must make cybersecurity a key element of their strategies and ensure that games are secure by design and throughout their lifecycle.

Companies that fail to do so risk serious reputational crises, market competitiveness, substantial financial losses, and legal disputes for noncompliance with regulations such as the GDPR.

Surely the streets of Vice City, the city where GTA 6 will take place, will be full of thrills and dangers, but the landscape of cyber threats facing video game developers is no less daunting.