The online gaming industry is under attack. A new Akamai report reveals that cyberattacks on player accounts and gaming companies increased dramatically in the past year, with web application attacks doubling. 

The most concerning trend researchers observed is a 167% increase in web application attacks on the gaming sector over the last year, putting gamers at risk. In addition, gaming remains the industry most hit by distributed denial of service (DDoS) attacks, which account for 36% of all DDoS traffic observed globally across all verticals. 

As of April 2022, web application and API attacks represented the largest category of attacks overall, and they have increased in volume. Since January 2021, the top-three web application attack vectors targeting gaming were, in order, LFI at 38%, SQLi at 34%, and XSS at 24%.

But what does this mean for the gaming industry? Cybercriminals are looking for a few things when it comes to SQLi and LFI attacks. 

According to Akamai, SQLi attacks could yield login credentials, personal information, or anything else stored in the targeted server’s database. So, this represents another way for criminals to control player accounts. Training videos on how to hack video game accounts are commonly shared by criminals, in which SQLi attacks are used to source login data, which is then used as part of a credential stuffing attack.

LFI attacks attempt to exploit scripts running on servers to attack stored data. This can include player and game details, which criminals can use for exploiting or cheating. Given the right access, they might also be able to use this type of attack to gain further access into the networks of gaming companies, Akamai cybersecurity researchers say.

Mobile and web-based games are major SQLi and LFI targets because criminals who successfully pull off attacks against these platforms will gain access to usernames and passwords, account information, and anything game-related that resides on the server.

Companies should mitigate these risks by following security best practices, including having a backup strategy and educating users about phishing and other cybersecurity threats. 

For more information, please visit