Cyber Incident Victim: Riot Games
Date:
Dec 2016
Location:
United States of America
Summary
A distributed denial-of-service (DDoS) attack disrupted multiple online gaming platforms, including League of Legends, Steam, and Origin servers, with hacker groups Phantom Squad and PoodleCorp claiming responsibility. The coordinated attacks caused widespread outages during peak gaming periods, frustrating users unable to access services, mirroring previous holiday-season disruptions by these groups targeting major gaming infrastructure. PoodleCorp notably expanded its activities beyond this incident to target other prominent gaming networks like PlayStation, Blizzard, and Pokémon Go.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On December 23, 2016, online gaming platforms Steam and Origin experienced widespread server disruptions attributed to distributed denial-of-service (DDoS) attacks. The hacker groups Phantom Squad and PoodleCorp publicly claimed responsibility for these attacks through social media channels, with PoodleCorp members actively posting about their involvement on Twitter. The attacks coincided with the Christmas holiday period, continuing a pattern observed in prior years where threat actors targeted gaming infrastructure during peak recreational periods. User reports flooded platforms like Twitter and Down Detector, with players expressing frustration over being unable to access services, particularly noting the timing on a Friday evening—a high-traffic period for online gaming. Electronic Arts' Origin platform and Valve's Steam service were primary targets, though historical context indicated PoodleCorp had previously disrupted League of Legends North American servers alongside other major titles like Pokémon GO and Grand Theft Auto Online.
The operational impact manifested as extended login failures and service unavailability across affected platforms, though neither Valve nor Electronic Arts issued immediate official statements confirming the root cause. Down Detector's outage maps corroborated user-submitted reports showing concentrated disruptions across North America and Europe. Phantom Squad maintained continuity with their established modus operandi, having executed similar DDoS campaigns against the same targets during the 2015 holiday season. PoodleCorp, a relatively newer entity, amplified the disruption by simultaneously targeting multiple gaming ecosystems. Social media analysis revealed attackers taunting users during the outages while players voiced complaints about ruined gaming sessions. The incident highlighted persistent vulnerabilities in gaming infrastructure to volumetric attacks, though technical mitigation measures implemented by the affected companies were not disclosed in available public reporting during the event's initial phase. Service restoration timelines remained unverified in contemporaneous accounts.