Cyber Incident Victim: PokerStars
Date: Apr 2015
Location: Isle of Man
Summary
A suspected DDoS attack disrupted operations at PokerStars, causing widespread customer issues including login failures, severe lag, persistent disconnections, and the cancellation or suspension of tournaments over several days. The platform's technical team addressed the problems, though connectivity issues persisted with one of its hosting providers, Manx Telecom on the Isle of Man, potentially exacerbating service disruptions by routing excessive traffic through an impaired node. The incident mirrored similar attacks on other online poker networks, where overwhelming server requests degraded performance or caused outages, though the company did not formally confirm the attack's nature.
Description
In mid-April 2015, multiple online poker platforms experienced significant service disruptions consistent with Distributed Denial of Service (DDoS) attacks. The incidents began on Friday, April 10, and persisted through Monday, April 13, affecting players across several platforms. Betfair publicly confirmed a DDoS attack had disabled its gambling websites, sportsbook, and betting exchange, though its technical team restored services within approximately 24 hours. Unibet also acknowledged being targeted by a similar attack during this period. PokerStars, while not formally confirming an attack, exhibited symptoms matching DDoS patterns: widespread player reports described persistent login failures, severe latency, involuntary disconnections, and tournament cancellations or suspensions across its global platform. Technical infrastructure analysis revealed one of PokerStars' six hosting providers—Manx Telecom on the Isle of Man—remained completely offline during the incident, while the other five hosts maintained full connectivity. This configuration suggested disproportionate routing of user traffic through the impaired host, creating systemic bottlenecks despite partial infrastructure functionality.

The attacks followed an established pattern of DDoS targeting against online poker operators. Four months earlier in December 2014, the Winning Poker Network (WPN) had suffered nearly identical disruptions, forcing cancellation of its $1 million guaranteed tournament after repeated technical countermeasures failed. Historical context indicates DDoS attackers typically overwhelm gaming servers by flooding them with fraudulent connection requests, degrading performance until services become unusable or crash entirely. PokerStars' incident resulted in multi-day service degradation affecting cash games and tournaments, though no financial data breaches or player fund compromises were reported. Network technicians worked continuously through the outage period, with Betfair achieving full restoration within a day while PokerStars' resolution timeline remained unspecified beyond the four-day disruption window. The operational impact included suspended tournaments, refunded player buy-ins, and temporary migration of traffic across functional hosting nodes.
