E-sports is a booming industry. According to recent market research, e-sports’ market value is predicted to hit around 1.8 billion dollars within a few years. The flourishing industry was given a further boost courtesy of the pandemic. Millions turned to the virtual realm for a sports fix as lockdowns and stay-at-home orders prevented fans from playing physical team sports or attending matches.
Forbes recently reported that e-sports players increase by 40% percent yearly, and community fans number in the millions. These impressive figures attract major sponsors, including Red Bull, and prizes that often surpass what is awarded to players of physical sports.
For instance, Esports Earnings data from 2020 showed that Dota 2 paid out $210 million. Counter-Strike: Global Offensive came second with $87.1 million, and Fortnite paid out $88.4 million.
Given the cash incentives involved in the industry, hackers (not to mention cheaters) are increasingly focused on e-sports and e-sports platforms as potentially profitable targets.
If you’re an active e-sports player or a fan involved in the community, you face a specific set of risks. Here, we take a closer look at what players and fans need to know and how to boost their cybersecurity practices.
The e-sports ecosystem in a nutshell
E-sports means competitive video games and gaming. Players worldwide form leagues and teams or play as individuals. The players then match each other in online games such as League of Legends, Overwatch, Fortnite, Counter-Strike, etc. Players at the top of their game attract millions of viewers and followers.
Fans follow their progress in live gaming events, on online platforms, and even TV broadcasts. Dedicated platforms, including Twitch, connect players with fans and allow the former to grow their fan bases. Players with those strong fan bases can then attract corporate sponsors. The servers that facilitate the process host millions of players and fans and hold personal and financial data on both groups.
Cybersecurity risks in e-sports: Hacks, thefts, flaws, and malware
One of the largest gaming communities in the world, the E-Sports Entertainment Association (ESEA), was attacked in 2016. ESEA’s database at the time contained slightly more than 1.5 million profiles. According to LeakedSource, more than a million ESEA records were affected by the hack — players and fans alike had their first and last names, birth dates, phone numbers, email addresses, and Steam IDs compromised.
A spokesperson for LeakedSource said a ransom scheme was behind the attack; US$100,000 was demanded in return for the users’ data. The hacker or hacking group (cybercriminals are more organized than many people suspect) responsible for the attack promised their silence and assistance with ESEA’s security issues in return for payment, too.
ESEA did not engage with the hacker, and the ransom scheme failed when the group publicly announced the incident. Still, it goes to show just how vulnerable these platforms and servers are in the face of sophisticated cybercriminals. Key server data, including passwords, were safe. However, the hacker still managed to gain plenty of personal information that could have been used in several ways, be it sold online in dark web criminal forums or used to run social engineering attacks.
The cybersecurity threat to e-sports goes far beyond ransom and extortion schemes. Malware is a pressing and ongoing issue in e-sports. Kaspersky Lab reported that over 1,200 versions of Steam Stealer, an aptly named malware program, were active on the Steam platform in 2016. At the time, Steam had millions of users, a figure that has only increased in the five years since.
Steam Stealer gives hackers access to user log-in details, which then means threat actors have access to users’ financial and account details. Many users don’t realize that a lot of malware, including Steam Stealer, is available to purchase under a malignant software as a service (SaaS) model, much like we use and buy other software programs, threat actors can purchase malware. Some cybercriminal groups even offer ongoing tech support to their clientele. Any individual intent on hacking e-sports platforms can find malicious programs that help them achieve their goals.
Not every issue is caused by threat actors, though. In 2019, TechCrunch reported that Electronic Arts (EA) Origin client had a security flaw that meant Windows users with the Origin app were at risk. While EA addressed the issue quickly, researchers noted that hackers could have run malicious programs on users’ devices without the update.
Keeping tabs on cybersecurity in e-sports
Most active e-sports players and fans place a lot of faith in the platforms and communities they use. And most have no qualms about sharing their personal and financial information. But given the threat level, this faith isn’t enough to keep users safe. If you’re in the community, it’s high time to up your security standards and keep your data and information safe. Here’s how:
Always use a Virtual Private Network (VPN)
One of the easiest and best ways to protect your data is through a VPN. This security software performs multiple functions simultaneously: it generates a private browsing network and encrypts data transmissions. In an e-sports gaming context, a VPN can also be used to reduce ping times. You should choose a high-quality paid subscription, such as ExpressVPN, for the best speeds and ensure your gameplay or stream isn’t affected.
Be suspicious of amazing offers
Scams are rife in e-sports, and many of them involve offers that seem way too good to be true. For the most part, they are. For example, in August 2019, a scam running on Steam promised a free-of-charge game. Users who clicked on the offer were guided to a fraudulent ‘giveaway’ site that stole their data. A fake login page and pop-ups meant that the hackers could bypass multi-factor authentications and then access users’ account information.
Practice good digital hygiene
We all need reminding to follow the basics of online digital hygiene, but for e-sports participants, it’s even more important. Never repeat passwords across sites and platforms, use long and complex passcodes, and don’t include personal data in your codes. In 2021, “password123” and “qwerty987” are sure to result in an issue.
In addition, players and fans should log out of their accounts when they’re not active online and consider not allowing platforms to save their credit card information. Multi-factor authentication is also a great way to add another layer of security.
E-sports is generally safe, but because the industry attracts big-name sponsors and their corporate dollars, it also attracts threat actors. Players and fans should follow the tips above to stay safe while gaming and watching.