Playing games, getting hacked

Insights, interviews and inspiration from every corner of the cybersecurity industry – in your inbox every week. 

This week we’re focused on…

Gaming platforms, and why they’re getting hacked. 

High-volume transactions create risk potential

Popular gaming platforms are busy. Millions of users logging in every day, real-money systems humming in the background, and communities more passionate than any other digital sphere (except possibly crypto).

Stephen Bennett (Global CISO at Domino’s) doesn’t protect a gaming platform, but he is responsible for the security of an incredibly high volume of transactions – pizza sales, to be precise. When we asked him what keeps him up at night, he said:

“Imagine trying to keep a lot of different plates spinning. When they start to wobble, I need to dive in to just apply just the right momentum to keep that plate spinning. As these plates are spinning and more plates are being added I need some help and need to hand out some spinning plates to someone else, who I need to make sure is applying that very same momentum to keep things spinning.” 

Security for a fast-paced, transaction-intense sector is tough. And when a plate gets dropped, threat actors move in fast. 

We’re seeing a surge in targeted fraud 

According to Sumsub’s latest report on identity verification in the iGaming industry:

• 83% of iGaming operators saw fraud increase in the past year.
• The deposit phase (where players top up their wallets) is especially under siege.
• 78% of operators spotted AI-generated fake documents in their KYC flows.

With account takeovers up 23.8%, and identity fraud neck-and-neck with money laundering at 64.8%, gaming platforms are bleeding data and cash.

Phishing and info-stealers are doing damage

When BHMEA speaker Graham Cluley wrote about attacks against blockchain gamers in his newsletter, he pointed out that “in all likelihood, victims are being selected based upon their enthusiasm for all things cryptocurrency-related.” 

And similarly, the enthusiasm that gamers have for games could be a vulnerability in itself. 

A single well-timed Discord message, for example, promising rare skins, can lure a gamer in. Reddit is full of stories about scams masquerading as ‘Try my game’ bots dropping RATs – like the infamous Bby Stealer, which steals everything from credentials to linked payment methods, then quietly moves across a victim’s friends list. 

Meanwhile, r/antivirus is full of alerts about infostealers targeting saved browser cookies, cryptocurrency wallets, and login credentials.

Gamers think they’re getting a freebie. What they’re actually getting is data exfiltration.

Enticing cheats have hidden motives 

The Sumsub report noted that in-game cheats can operate as backdoored entry points. A gamer might be drawn to an aimbot, wallhack or packet manipulation tool to ease their journey through a game. But these tools often bundle malware or info-stealers – so the player ends up unknowingly installing a script that records their keystrokes, snapshots, or session tokens; complete with remote command-and-control access. 

Why does gaming matter more now?

It comes down to scale and value. 

Gaming platforms handle hundreds of millions of financial transactions a day. Add to this the strong community bonds and influencer-driven culture within gaming, and a single compromised account can lead to rapid, viral scams.

And beyond data theft, it’s worth noting that disruption is also lucrative. The infamous 2014 Lizard Squad attacks on Xbox Live and PlayStation Network knocked millions offline and demonstrated how DDoS campaigns can be leveraged for blackmail. As games shift to a live-service, always-online model, even a few minutes of downtime means lost revenue and serious damage to customer trust.

What needs to change?

Increasingly, gaming platforms need to move away from traditional enterprise defences and establish more sector-specific, agile controls. Holistic fraud monitoring is essential, along with robust phishing detection – including on chat apps like Discord. Threat hunting protocols need to include active infostealer and RAT monitoring; and all cheat or anti-cheat software must be vetted. 

Gaming platforms are fun. But they’re also fast lanes to financial and social data; often with low friction for attackers. So cybersecurity needs to set the rules – using a hacker’s mindset to build smart defences. 

Are gamers more vulnerable in 2025? 

We want to know what you think. Open this newsletter on LinkedIn and share your perspective in the comment section – we’ll see you there.