Akamai: Web Application Attacks Are 167% Against Gamers

Interested in what the outlook is for the gaming industry? Join gaming executives to discuss the emerging parts of the industry this October at GamesBeat Summit Next. Register today.


It’s dangerous to be a distracted player these days. Research from Akamai’s people almost confirms this. Attacks by cybercriminals against player accounts and gaming companies are on the rise. From May 2021 to April 2022, web application attacks increased by 167%.

Web application attacks, to break it down, are the things you think about when someone talks about being hacked, like a phishing email. But they can get more complicated than that, like SQL injection attacks. They are a bit like continually rummaging through a website’s database to force it to respond.

The top three web application attacks this year are LFI attacks (38%), SQLi attacks (34%) and XSS attacks (24%). DDOS attacks increased by 5% this year as well. There were 821,648,208 attacks on web applications this year, in the gaming industry alone.

The question is why is there such an increase? the answer? It’s money. It’s always about money.

Cybercriminals use this type of attack to breach game systems and accounts, which can grant them access to player credentials, passwords, account details, and more. Getting access to backend databases can allow them to create cheats in games, then spin and sell them. They can silently manipulate gambling economies for their own ends, usually in pursuit of real money.

It’s not just a silent manipulation either. Once the hackers have a stash of the player’s login credentials, they can use those accounts as disposable advertisements. I’m sure we’ve seen all accounts sell gold in MMOs. It’s all part of the scam.

The future looks like trouble

Akamai’s research suggests that the industry’s push towards cloud gaming could cause problems in the future. Cloud services offer a wider attack field; instead of a single game, hackers could target all games on the service.

So what can players do? Well, honestly, that’s a lot of the same tips and tricks we’re already using. Don’t click on suspicious email links. Do not visit unsecured websites. Enable two-factor authentication.

Specifically, app-based two-factor authentication. It is useless if you are receiving email codes and your email is hacked. Cross your fingers that the games and services you use are protecting themselves.

The creed of GamesBeat when it comes to the gaming industry it is “where passion meets business”. What does this mean? We want to tell you how important news is to you, not only as a decision maker in a game studio, but as a game fan as well. Whether you read our articles, listen to our podcasts or watch our videos, GamesBeat will help you learn about the industry and have fun engaging it. Learn more about membership.