Cyber Incident Victim: Entain
Date:
Apr 2015
Location:
Isle of Man
Summary
Multiple online poker and gambling platforms experienced service disruptions due to distributed denial-of-service (DDoS) attacks, with one gambling company confirming its websites, sportsbook, and betting exchange were rendered inaccessible. The attacks caused widespread login failures, severe lag, disconnections, and forced tournament cancellations across affected platforms, with technical teams working to restore connectivity amid infrastructure challenges. Similar prior incidents had previously disrupted operations, including a canceled high-stakes tournament on another network after repeated attack waves overwhelmed servers and degraded service reliability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-April 2015, multiple online poker platforms experienced severe service disruptions due to Distributed Denial of Service (DDoS) attacks targeting their infrastructure. The attacks began over the weekend preceding April 14, with Betfair confirming its websites—including its sportsbook, betting exchange, and affiliated poker rooms—were rendered inaccessible by the attack. The company's technical team successfully mitigated the attack by April 13, restoring normal operations. Unibet also reported being victimized by similar attacks during this period. PokerStars, while not officially confirming an attack, exhibited symptoms consistent with DDoS targeting from Friday through Monday, including widespread player login failures, severe lag, frequent disconnections, and the suspension or cancellation of tournaments. Technical evidence pointed to infrastructure strain, as one of PokerStars' six hosting providers—Manx Telecom on the Isle of Man—remained completely offline even after mitigation efforts began, forcing customer traffic through overloaded remaining hosts.
The attacks involved flooding gaming servers with illegitimate communication requests, overwhelming their capacity to process legitimate player traffic. This followed a similar pattern observed in December 2014 when the Winning Poker Network (WPN) suffered DDoS attacks that forced the cancellation of its million-dollar guaranteed tournament. During that earlier incident, WPN initially experienced attacks a week before the scheduled event, followed by a temporary lull that created false confidence in system stability. When attacks resumed mid-tournament, technicians unsuccessfully attempted pauses to address freezing tables and player timeouts before canceling the event and refunding all participants. The April 2015 attacks caused multi-day operational disruptions across affected platforms, with PokerStars experiencing prolonged connectivity issues despite partial infrastructure restoration. No threat actors claimed responsibility, and no data breaches or financial compromises were reported in either incident wave.