Cyber Incident Victim: Riot Games
Date:
Aug 2016
Location:
United States of America
Summary
A hacker group known as PoodleCorp claimed responsibility for distributed denial-of-service (DDoS) attacks targeting Blizzard Entertainment and League of Legends servers, causing widespread service disruptions, latency issues, and login failures for players. Blizzard publicly acknowledged the attacks on its BattleNet services, confirming ongoing mitigation efforts, while Riot Games did not formally confirm the incident despite player reports of North American server outages. PoodleCorp, previously linked to attacks on Pokémon Go, Battle.NET, and YouTube channels, announced the attacks via Twitter and indicated plans to target additional gaming networks. Service interruptions subsided following the group’s cessation of attacks, though investigation into residual impacts continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 2-3, 2016, hacker group PoodleCorp executed distributed denial-of-service (DDoS) attacks against Blizzard Entertainment and Riot Games' League of Legends North American servers, disrupting online services for both gaming platforms. PoodleCorp publicly claimed responsibility via Twitter, announcing they had shut down Blizzard servers in Europe and the United States along with League of Legends' NA infrastructure. The attacks coincided with widespread player reports of connectivity issues across Blizzard's Battle.net platform, affecting games including World of Warcraft. Blizzard's customer service team confirmed via multiple tweets that they were monitoring ongoing DDoS attacks against their network providers, which caused latency spikes and login failures throughout August 2nd and 3rd. By August 3rd, Blizzard reported the DDoS incidents had concluded but were investigating residual World of Warcraft server instability. League of Legends players simultaneously experienced outages in North America, though Riot Games did not publicly acknowledge a cyberattack, instead directing inquiries to their server status page which showed NA servers as offline during the incident period.
Blizzard maintained continuous public communication through their @BlizzardCS Twitter account, issuing four service updates within 24 hours that detailed attack monitoring, ongoing service degradation, attack conclusion, and subsequent recovery efforts. The company confirmed the attacks specifically targeted third-party network providers supporting their infrastructure. In contrast, Riot Games provided no formal statements regarding the NA server disruptions despite player complaints and PoodleCorp's claims, with customer support representatives declining to confirm the attack when contacted by media. PoodleCorp ceased attacks approximately 12 hours before media reporting concluded, tweeting their intention to target another gaming network. The group had prior notoriety for DDoS attacks against Pokémon Go, Battle.net, StreamMe, and high-profile YouTube channels. Service restoration timelines differed between companies, with Blizzard regaining full Battle.net functionality before Riot Games' NA servers came back online, though neither organization disclosed technical mitigation details or player impact statistics.