2016: The Year the Video Game Industry (Finally) Realized Its Cybersecurity Problem.

As the year comes to a close and the world looks forward to 2017, it’s important to look back on significant events that have made an impact on our industry,  and to learn from them.

We’ve seen some troubling events happen in 2016, particularly as it relates to cybersecurity. From Pokémon Go getting hacked within the first two days of its release, to the FBI indicting scammers who swindled Electronic Arts (EA) for millions in in-game currency, there have been plenty of cyber attacks that have, and will continue to, affect video game developers, publishers, and players.

Reflecting on the past year, there are three major cybersecurity trends that have emerged that had an enourmous impact on the video game industry in 2016, and which will doubtless continue to do so in the upcoming year:

In short, it appears that the video game industry is finally realizing what we’ve been warning publishers about since we founded Panopticon Labs in 2013. As the first in-game cybersecurity company to protect online video game publishers from the financial and reputational damage of in-game cyber attacks, we're uniquely positioned to help mitigate the threats facing publishers today and in the future, But for this to happen, executives and operations-level folks must come together, acknowledge the true size and scope of the challenges in their current fraud and risk environment, and put a pragmatic plan in place designed to neutralize bad actors' corrosive affect on the games, and the virtual worlds, we love. I know it's not an easy task, and nobody likes talking about these issues, but in our current monetization enviromnent, where an online game's financial success often depends on reviews, Let's Play videos, and continued mictotransaction sales made by players who return to compelling virtual worlds again and again, they must be addressed.

For reference, below is a detailed timeline of cyber incidents in the video game industry throughout 2016:

2016 Year In Review

MARCH 15: Valve’s Steam Platform is attacked by Steam Stealer malware, resulting in 77,000 accounts being “hacked and pillaged” each month

APRIL: Supercell | Clash of Clans: COC announces its Fair Play initiative, and asks Clan leaders to take its “Fair Play Declaration”

JUNE 3: Blizzard | Overwatch – Within the first week after release, Blizzard permanently banned thousands of players for cheating

JUNE 8: TechCrunch publishes “The gaming industry can become the next big target of cybercrime,” and heavily quotes Panopticon Labs co-founder, Matt Cook

JUNE 22: Trion Worlds – CEO Scott Hartsman “has spent more time combating fraud in the last couple years than making games”

JULY 7: Blizzard sues Overwatch cheat makers for copyright infringement, citing that they have led to a loss of “millions or tens of millions of dollars in revenue”

JULY & AUGUST: Niantic | Pokemon Go – First hack is seen within 2 days of release; the game is flooded with bots that overwhelm the servers; and it has lost 79% of paying players since launch. Niantic permanently bans players who use bots or other cheats and hacks, and threatens bot makers with legal action.

AUGUST 1: G2A is accused by TinyBuild of selling $450,000 worth of stolen game keys

AUGUST 11: Riot | League of Legends – Riot sues LeagueSharp for making LoL cheats, alleging that its cheats disadvantaging its 67 million monthly players and calls it is an “enormous threat.”

OCTOBER: Akamai releases results of “Gaming Trends and Challenges” Customer Survey, which cites account hacks and content theft as 2 of the top four security challenges facing game companies and improving customer retention as their #1 business challenge

OCTOBER 5: Valve | Counterstrike:Global Offensive – Washington State Gambling Commission orders Valve to take actions to ensure that CS:GO skin gambling is halted and threatens criminal prosecution for failure to stop the behavior. Commission cites that one company alone made around $1 billion by facilitating gambling in 7 months’ time

OCTOBER 10: TrendMicro releases “The Cybercrimal Roots of Selling Online Gaming Currency” report, which explicitly connects the gray market with the larger cybercrime ecosystem

OCTOBER: Panopticon Labs co-founder, Matthew Cook, presents “The Online Video Games Gray Market: What? Why? And How?” at Akamai Games Summit and participates in National Cybersecurity Alliance NASDAQ Cybersecurity Summit. He is quoted in Scientific American (also picked up by Salon), The Guardian, MarketWatch, and IEEE Spectrum

OCTOBER 31: CCP | Eve Online – Bans in-game gambling and removes an estimated 30-40 trillion Isk (equivalent to $650 million) from the in-game economy prior to adding a free-to-play option to the game

NOVEMBER 14: Electronic Arts | FIFA – Hackers steal $15M to $18M in coins over 2 years; FBI gets involved; hackers go on trial

NOVEMBER 18: Sony attributes a rash of Playstation account hacks to phishing scams.

DECEMBER: South Korea passes a law that makes developing and selling of hacks and cheats that are not allowed by video games’ Terms of Service illegal, with a punishment of up to 5 years jail time or $43,000 in fines.

DECEMBER 7: PCGamer publishes an article titled “Why is it so hard to stop cheating in videogames?” which provides an in-depth discussion about the difficulties publishers face in beating hackers and cheaters.