Cyber Incident Victim: Square Enix Co., Ltd.
Date:
Oct 2018
Location:
Japan
Summary
A series of DDoS attacks disrupted multiple gaming companies, including Square Enix and Ubisoft, impacting online services for titles such as Final Fantasy XIV, Assassin’s Creed Odyssey, Rainbow Six Siege, and For Honor. The incidents caused connectivity issues and server latency during a major game launch, prompting acknowledgments from the affected publishers about mitigation efforts. While the attacks' potential connection remained unclear, a cybersecurity expert criticized the gaming industry's perceived resignation to such disruptions despite available real-time protection solutions. Gamers observed that the year had been relatively calm compared to prior periods marked by prolific DDoS campaigns from groups like Lizard Squad.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 4-5, 2018, distributed denial-of-service (DDoS) attacks disrupted multiple online gaming services, including those operated by Square Enix and Ubisoft. Ubisoft first experienced connectivity issues on October 4, coinciding with the launch of Assassin’s Creed Odyssey, and confirmed active attacks beginning at 7:48 AM Central Time on October 5. These attacks impacted Ubisoft titles such as Rainbow Six Siege and For Honor, prompting the company to issue public alerts via Twitter and official forums. Ubisoft characterized the DDoS incidents as commonplace for online service providers and acknowledged potential effects on game connections and server latency while implementing mitigation measures. Later on October 5, Square Enix disclosed it was combating a separate DDoS attack targeting its massively multiplayer online role-playing game Final Fantasy XIV. Neither company confirmed whether the attacks against both publishers were coordinated or related.
The attacks caused measurable service degradation, with players reporting connectivity problems and increased latency during peak gaming periods. Ubisoft’s public statement emphasized the recurring nature of such threats to online platforms, though specific technical details about attack vectors or traffic volumes were not disclosed. Square Enix provided limited operational specifics beyond confirming the targeting of Final Fantasy XIV servers. Industry commentary emerged from Corero Network Security’s Director of Product Management Sean Newman, who noted the persistence of DDoS disruptions in gaming despite available real-time mitigation solutions. Newman emphasized that such technologies could maintain service continuity, reduce lag, and protect player trust and revenue streams. The incident occurred against a backdrop of reduced high-profile DDoS activity in 2018 compared to previous years, when groups like Lizard Squad had executed widespread attacks against gaming infrastructure. No threat actors claimed responsibility for the October 2018 attacks, and neither publisher disclosed long-term operational or financial repercussions.