Cyber Incident Victim: Valve Corporation
Date:
Dec 2016
Location:
United States of America
Summary
Steam and Origin servers experienced significant downtime due to distributed denial-of-service attacks claimed by hacker groups Phantom Squad and PoodleCorp. The disruptions occurred during a peak gaming period, prompting widespread user complaints on social media and outage reports from monitoring services. Both groups had previously targeted online gaming platforms, with Phantom Squad linked to similar incidents in prior years and PoodleCorp known for attacks on major gaming services. The incident disrupted holiday gaming activities but lacked official confirmation from the affected companies.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On December 23, 2016, Steam and Origin gaming platforms experienced significant service disruptions attributed to distributed denial-of-service (DDoS) attacks. The hacker groups Phantom Squad and PoodleCorp publicly claimed responsibility for the attacks through social media channels, with Phantom Squad having a history of targeting gaming platforms during holiday periods. Users reported widespread login failures and server connectivity issues across both platforms, particularly impacting Steam’s gaming services and Origin’s online infrastructure. The timing coincided with Friday evening, a peak gaming period, exacerbating user frustration as evidenced by hundreds of complaints on Down Detector and direct appeals to support channels like Twitter. No official statements from Valve (Steam’s operator) or Electronic Arts (Origin’s operator) were noted in the source material during the initial outage window, leaving users reliant on third-party outage tracking services for confirmation.
The incident mirrored Phantom Squad’s previous DDoS campaigns against Electronic Arts and Steam during the 2015 holiday season, establishing a pattern of年末 disruptions. PoodleCorp, a newer threat actor, had recently gained notoriety for targeting major gaming services including PlayStation Network, Blizzard, and League of Legends prior to this incident. Social media posts from both groups indicated coordinated targeting of Steam and Origin servers simultaneously, though technical specifics of the attack vectors were not disclosed in available sources. User impacts included disrupted gameplay, multiplayer session terminations, and account access issues, with no reported data breaches or compromises of user credentials. The attacks remained ongoing at the time of reporting, with no documented containment measures or restoration timelines from the affected platforms. Historical context indicated these groups prioritized visibility and disruption over financial gain or data theft, leveraging high-traffic holiday periods to maximize user impact.