Esports is booming. Recent market research revealed that the industry’s value is set to hit a whopping US 1.8 billion dollars in the next few years. The rise of esports was given a further boost with millions of players and fans around the world turning to the virtual sporting realm amid ongoing restrictions on real-life sports.
According to Forbes, the number of active esports players grows by 40 percent every year while fans range in the hundreds of millions. Numbers like these draw in big-name sponsors, such as Red Bull, and prize money packages that frequently exceed those of physical sports.
As an example, public esports resource Esports Earnings released figures this year showing that Dota 2 has paid out US$210 million in prize money. This isn’t an anomaly, Counter-Strike: Global Offensive followed at US$87.1 million while Fortnite lagged a little behind at US$88.4 million.
In line with these attractive numbers, an increasing number of hackers (and cheaters) have turned their attention to where the money is and are viewing esports platforms and players as viable targets.
Here, we shed some light on esports as a whole and look at specific risks players and fans face. We’ll also share some tips for keeping your data safe while competing or watching.
What is esports?
Esports refers to the world of competitive video games and gaming. Players from varied leagues or teams face each other in the same games that home players use. Think Fortnite, Counter-Strike, League of Legends, Overwatch, Madden NFL, and many others.
Top players are watched and draw followers in the millions from around the globe, either through live gaming events, traditional television broadcasts, or online platforms. Servers such as Twitch allow fans to watch their favorite players, and players to build up a strong fan base. Once these fan bases are built, players can attract top-tier sponsors.
Servers, meanwhile, pay host to thousands of players and fans — and their data.
Some cybersecurity risks associated with esports
In late 2016, the E-Sports Entertainment Association (ESEA), which is one of the biggest gaming communities, was hacked. Its database, containing around 1.5 million profiles, was severely compromised.
According to breach notification service LeakedSource, a total of 1,503,707 ESEA records suffered as a result. Details within those records included first and last names, email address, date of birth, phone number, Steam ID, and others.
A LeakedSource spokesperson pointed to a ransom scheme as the reason for the attack. The hacker asked for US$100,000 in return for the data. In addition, the bad actor offered to keep silent about the hack and help ESEA address its server’s security flaws. Although the extortion attempt ultimately failed when ESEA went public about the breach, the incident serves to illustrate the vulnerability of the platforms used by major gaming communities.
While critical data such as passwords were kept secure, the personally identifying information the hacker managed to glean provides more than enough fodder for a number of social engineering attacks, such as phishing email.
Ransom focused attacks aren’t the only issue, malware has also wreaked havoc on the esports industry. Also in 2016, Kaspersky Lab reported that more than 1,200 versions of the malignant program Steam Stealer were operating on Steam.
The malware gave hackers access to critical user login details. Steam at that time boasted millions of users and that number has only increased. Perhaps most troubling is that Steam Stealer operates a malware-as-a-service model, meaning it is available to purchase by anyone intent on causing problems within the esports world.
More recently, a security flaw in industry giant EA’s Origin client meant users were susceptible to hackers. Electronic Arts did release a bug fix, which affected Windows users with the Origin app, but security researchers noted that without the swift fix, hackers could have run anything they wanted on users’ computers.
Distributed Denial of Service (DDoS) attacks are also a known issue. During tournaments, DDoS attacks result in lost game time, latency, and, for host servers, a potential loss of income and revenue.
Keeping tabs on cybersecurity in esports
Whether you’re an active player or a fan, it’s likely that you’ve put your faith in the gaming communities and platforms you’re a part of — a that often involves handing over credit card information and personally-identifying data.
If you’re not part of the esports world yet but would like to be, or if you’re already active but want to up your cybersecurity gameplay, there are a few simple things you can do to mitigate the risks.
Use a VPN while gaming and participating in esports
Using a VPN to secure your data is one of the simplest ways to protect yourself. Many esports players already use VPN technology to reduce ping time and access new-release games faster.
But the security software’s ability to encrypt data in transmission, protect users from DDoS attacks, and shield users from attacks on open wifi networks should be the primary reason gamers connect their VPNs. For more information on VPNs for gaming, along with all the pros, check here.
Be password savvy
We all know that we should never repeat passwords, use long passwords, and go for random combinations as opposed to easily guessed codes, but for esports players and fans this is even more important. After all, the large communities and data banks are a beacon for threat actors.
If you’re not practicing good password management and one of your online gaming accounts is compromised, you may face issues with accounts on other platforms. Using a password manager and randomly generated passwords is a great way to start securing your gaming life. Additionally, look into using multi-factor authentication.
Avoid offers that seem too good to be true
A Steam scam running in August 2019 utilized a “free game” giveaway site to glean account data from Steam users. The false log-in page and fake popup allowed hackers to bypass multi-factor authentication and access account info, including the user’s friends list. This intel was then used for advanced phishing attacks. The lesson here is that if an offer seems too good to be true, it probably is.
Esports is a booming industry that provides hours of entertainment for players and fans alike. But given the finances involved and the huge amount of user data, esports is increasingly targeted by threat actors. To game and participate safely, keep your cybersecurity ducks in order.
