Cyber Incident Victim: Americas Cardroom
Date:
Apr 2018
Location:
United States of America
Summary
A popular online poker platform experienced prolonged distributed denial-of-service (DDoS) attacks that disrupted tournaments over several days, forcing repeated cancellations and refunds to players. The attacks caused significant service interruptions, including pauses to all running tournaments and the suspension of major events, while technical teams attempted mitigation measures. Players expressed frustration and some accused the platform of dishonesty regarding the attacks' legitimacy. Though service was intermittently restored, new attack waves continued to destabilize operations. The incident occurred amid broader industry trends of escalating cyberattacks against gaming platforms, with potential connections to recently disrupted DDoS-for-hire services. Ransom demands were made by unidentified attackers during the campaign.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Americas Cardroom (ACR) and its Winning Poker Network experienced sustained distributed denial-of-service (DDoS) attacks from April 24 to May 1, 2018, severely disrupting online poker operations. The attacks began during scheduled maintenance on April 24, when ACR's Twitter account initially announced technical issues before confirming active DDoS mitigation efforts. This forced the immediate pausing of all running tournaments, triggering player complaints and refund requests. Attacks intensified the following day (April 25), compelling ACR to cancel all paused tournaments and issue refunds. A brief respite allowed partial service restoration, but new attack waves resumed on April 26, causing repeated tournament pauses and subsequent cancellations. By April 27, ACR publicly acknowledged the "massive DDoS attack" and suspended all gameplay, canceling scheduled events until 8:00 pm ET while technicians attempted mitigation. Persistent attacks through April 28 necessitated cancellation of all daily tournaments despite continued defensive efforts.
The operational impacts escalated throughout the attack period, with ACR canceling its flagship Million Dollar Sundays tournament on April 29 to preserve competitive integrity. Temporary mitigation on April 29 allowed brief service restoration before attacks recommenced hours later, continuing through April 30 and May 1. This week-long disruption forced continuous tournament cancellations and refunds, rendering the platform largely nonfunctional for players. The attacks coincided with law enforcement actions against the Webstresser.org DDoS-for-hire platform, though no direct connection was established. ACR's website remained offline at the time of reporting, indicating unresolved technical issues. The incident mirrored a September 2017 DDoS extortion campaign against ACR, though the 2018 attackers made no confirmed ransom demands. Player frustration manifested through social media accusations of operational dishonesty alongside demands for compensation, while the organization maintained transparency through real-time Twitter updates regarding mitigation efforts and service interruptions.