Cyber Incident Victim: Xbox Live
Date:
Aug 2014
Location:
United States of America
Summary
A distributed denial-of-service (DDoS) attack disrupted multiple online gaming platforms, including Xbox Live, causing server unavailability issues for Xbox One users attempting multiplayer connections and Xbox 360 players accessing Diablo III's chat features. The incident coincided with a bomb threat against a flight carrying a Sony executive, prompting an FBI investigation. A Twitter account claiming jihadist affiliations cited opposition to military actions against ISIL as motivation, while contradictory messages criticized corporate greed, and an Anonymous-affiliated hacker separately claimed responsibility to expose security flaws. Similar service interruptions affected PlayStation Network, Blizzard's Battle.net, and Path of Exile, with providers working to stabilize connectivity amid the coordinated attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On August 24-25, 2014, Microsoft's Xbox Live service experienced disruptions alongside Sony's PlayStation Network, Blizzard's Battle.net, and Grinding Gear Games' Path of Exile servers due to coordinated distributed denial-of-service (DDoS) attacks. The attacks overloaded the networks with traffic, rendering key online functionalities inaccessible. Xbox Live's support portal acknowledged server unavailability issues affecting Xbox One owners attempting to join multiplayer games, while Xbox 360 users encountered connectivity problems specifically with Diablo III's party chat featureāa consequence of related attacks on Blizzard's Battle.net infrastructure. Microsoft did not publicly detail mitigation efforts beyond service status notifications, though Battle.net operators confirmed working with internet service providers (ISPs) to stabilize their systems. Path of Exile developers similarly tweeted about ongoing DDoS-related server issues but anticipated a swift resolution. Sony Online Entertainment President John Smedley had publicly referenced combating a "large scale DDoS" prior to the incident escalating.
The attacks coincided with a bomb threat against American Airlines Flight 362, which was diverted to Phoenix after an online threat claimed explosives were aboard. Smedley, who had tweeted about boarding the Dallas-Fort Worth to San Diego flight before its diversion, later confirmed the incident without elaboration, noting authorities would pursue those responsible. A Twitter account claiming responsibility for the gaming service attacks linked them to demands to halt airstrikes against ISIL (Islamic State), while also criticizing Sony's spending priorities. Another hacker affiliated with Anonymous separately claimed responsibility for the PlayStation Network outage, presenting purported evidence and disputing the ISIL-linked claims. The FBI initiated an investigation into the flight diversion at Sony's request, though no attribution for the gaming outages was conclusively established. Service disruptions across all platforms, including Xbox Live's multiplayer and chat functionalities, represented the primary operational impact, with no reported data breaches or long-term infrastructure damage disclosed by the affected companies.