The Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) (has long worked to address various forms of online abuse across platforms, applications and the broader Internet. At last month’s 57th general meeting, attendees learned more about abuse in online gaming environments and what the industry is doing to help address it.
Steve Guris and Maria Thomas of Unit221B presented background on abuse in gaming with several case studies.
Abuse targeting gaming developers and their staff is related more broadly to cyberbullying, which targets users primarily between 18 and 29 years old. More than 40 percent of U.S. adults using the Internet have reported some form of online harassment. According to the same source, users are bullied for political viewpoints (55 percent) as well as for physical appearance, race and ethnicity, gender, religion, and occupation.
Also according to a recent report from Statista, “Cyberbullying is a form of harassment in digital communication mediums, such as text messages, internet forums, chat rooms, and social media. As opposed to real-life bullying, online bullying takes advantage of the anonymity of the internet, as well as the possibility to quickly spread rumors, gossip, photos, or (mis)information to large groups of people.”
The session highlighted a recent case in which a well-known game developer was able to identify and stop a user who had repeatedly threatened a staffer. The staffer, who worked to help promote Bungie’s Destiny wildly popular first-person shooter game with tens of millions of users, had used his personal account to tweet about a relationship the game had with a rap artist. An immediate campaign revealing the staffer’s personal info, or doxing, personal threats and online attacks quickly followed and extended to the staffer’s spouse.
The abuse continued with a delivery made to the staffer’s home. Other employees received calls and threats as well using offensive language. Using clues from the attacks, investigators were able to determine the abuser was part of a far right-wing social network and was using a phone service that offers anonymous service. This newspaper article offers more details.
With the help of police, investigators and the judicial system, the abuser was identified and justice was done.
“Threats, abuse and attacks unfortunately have become increasingly directed personally to online gaming moderators, social media staff and others. This one case demonstrates that no cyberbully is above the law and cannot hide behind “anonymous” services, social media handles or usernames,” noted Guris.
The gaming industry in particular has become very aware of harassment. A State of the Game Industry 2023 survey technology found that 67 percent of workers consider company culture a leading factor when considering their next job.
Tellingly, 42 percent note that player toxicity and harassment directed at developers/studios is a very serious issue; another 36 percent said it’s a serious issue. Forty percent have direct experience with harassment and 19 percent have seen it directed to a colleague or team member.
This case is just one of many that are being investigated, litigated and addressed by developers and the legal system. Bungie employees also have been harassed and threatened online and in real life over issues relating to banned users.
Addressing online abuse in any environment is a challenge. Forty-eight U.S. states have passed cyberbullying laws, most of them including criminal sanctions for electronic harassment.
Resources for online abuse in gaming and related industries can be found here:
M3AAWG and its members continue to identify and address these kinds of issues across messaging and the Internet and to contribute and comment on related policy issues. Recently, M3AAWG announced its focus areas to align its work for maximum impact around current and emerging cybersecurity and enterprise computing issues. The focus areas include readiness, data and identity protection, communications and supply chain as well as continuing organizational development, diversity and inclusion.
Our published best practices can be found here, and our public policy comments, including recent comments to proposed changes to the U.S. National Institute of Standards and Technology cybersecurity framework here.