Cyber Incident Victim: Blizzard Entertainment
Date:
Jun 2016
Location:
United States of America
Summary
Battle.net experienced a service outage disrupting access to multiple games including Overwatch, Hearthstone, and World of Warcraft due to an alleged DDoS attack claimed by the Lizard Squad group. Players reported login failures, disconnections during matches, and concerns about potential penalties, while the company acknowledged authentication server issues without confirming the attack; a group member stated the disruption targeted authentication infrastructure—accidentally affecting all client services—and characterized the incident as preliminary testing for future actions before services were restored.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On June 20, 2016, Blizzard Entertainment's Battle.net service experienced a widespread outage affecting authentication servers, preventing players from logging into multiple games including Overwatch, Hearthstone, World of Warcraft, Heroes of the Storm, and StarCraft II: Legacy of the Void. The disruption began when servers became overwhelmed by traffic consistent with a distributed denial-of-service (DDoS) attack, causing failed or delayed login attempts and disconnections during active gameplay sessions. Players reported particular frustration with Overwatch disconnections due to Blizzard's strict penalties against premature match exits, raising concerns about unintended account sanctions. Blizzard's Customer Support team acknowledged the issue via Twitter, confirming investigation into authentication server problems but did not initially attribute the outage to malicious activity. The hacker group Lizard Squad claimed responsibility through member AppleJ4ck, who tweeted "Here we go" coinciding with the attack's onset and later mocked affected gamers by stating they were being helped by having their attachment to "a couple of pixels" disrupted.
AppleJ4ck clarified that the primary target was Blizzard's authentication infrastructure rather than specific game servers, though he noted an unexpected routing configuration caused collateral damage across all Blizzard titles. The attacker claimed discovery during the incident that authentication traffic passed through what appeared to be Overwatch server infrastructure, amplifying the disruption's scope. Following hours of service interruption, Blizzard resolved the technical issues and restored normal operations, though the company never formally confirmed the DDoS attribution. AppleJ4ck characterized the attack as preliminary testing for future operations, warning of a "main event" to come. The incident highlighted persistent vulnerabilities to DDoS attacks across gaming platforms and the operational challenges posed by geographically dispersed threat actors, with the attacker cynically noting jurisdictional limitations by stating "You can't arrest a lizard" when referencing law enforcement difficulties in prosecuting such groups.