Cyber Incident Victim: Blizzard Entertainment
Date:
Jul 2018
Location:
United States of America
Summary
Blizzard Entertainment experienced intermittent distributed denial-of-service (DDoS) attacks targeting its network providers over a weekend, disrupting Battle.net online services and affecting multiple games including Overwatch, World of Warcraft, and Heroes of the Storm. The attacks caused severe latency issues for some players and prevented others from logging in entirely, with regional variations in user impact severity. The company confirmed the attacks had concluded after monitoring ongoing disruptions, characterizing the incident as focused on third-party infrastructure rather than direct assaults on its own systems. Service stability was restored following the cessation of the prolonged DDoS campaign, which notably persisted longer than typical such attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Blizzard Entertainment experienced a distributed denial-of-service (DDoS) attack beginning on or around Sunday, July 6, 2018, which intermittently disrupted online services through the weekend until resolution on July 10. The attacks targeted network providers supporting Blizzard's Battle.net platform rather than the company's infrastructure directly. This caused widespread connectivity issues across multiple games including Overwatch, Heroes of the Storm, and World of Warcraft. Players reported severe latency during gameplay sessions, while others encountered complete login failures preventing access to services. Impact severity varied geographically, with some regions experiencing more pronounced disruptions than others during peak attack periods. The intermittent nature of the attacks created unstable service conditions throughout the four-day incident window.
Blizzard's customer service team actively monitored the situation and provided status updates via Twitter, confirming the attacks' conclusion on July 10. The company characterized the incident as external network provider targeting rather than a direct compromise of their systems. No data breaches or unauthorized system access occurred according to available reports. The prolonged duration and recurring pattern of these DDoS attacks were noted as atypical compared to standard incidents of this nature. Service restoration occurred gradually as the malicious traffic subsided, with normal operations resuming across all affected games following the final attack wave. The incident highlighted the vulnerability of online gaming platforms to third-party infrastructure disruptions caused by volumetric DDoS campaigns.