Cyber Incident Victim: Activision Blizzard
Date:
Jun 2016
Location:
United States of America
Summary
A DDoS attack targeted a major gaming company's authentication servers, disrupting access to multiple online games and causing login failures, disconnections, and player concerns about in-game penalties. The hacker group Lizard Squad claimed responsibility, with member AppleJ4ck stating the attack was a test preceding a larger event and asserting that compromised authentication infrastructure inadvertently affected all client services due to internal routing configurations. While the company resolved the outage, the perpetrators emphasized the persistent challenges of mitigating such attacks and evading law enforcement due to their global dispersion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On June 20, 2016, Blizzard Entertainment's Battle.net online gaming service experienced a widespread outage affecting authentication servers and disrupting access to multiple games, including Overwatch, Hearthstone, World of Warcraft, and Heroes of the Storm. Players reported failed login attempts, slow authentication processes, and involuntary disconnections during active matches. The disruption began following a tweet from AppleJ4ck, a member of the Lizard Squad hacking group, who posted "Here we go" shortly before service degradation became apparent. Blizzard's Customer Support Twitter account confirmed they were investigating authentication server issues but did not initially attribute the problem to malicious activity. Overwatch players expressed particular concern about potential penalties under the game's strict disconnect policies, despite the outages being involuntary. Service interruptions lasted for an unspecified period before Blizzard engineers resolved the technical issues.
Lizard Squad publicly claimed responsibility for the incident, characterizing it as a distributed denial-of-service (DDoS) attack targeting Blizzard's authentication infrastructure. AppleJ4ck later clarified to journalists that Overwatch servers were not the primary target, but rather that Blizzard's network architecture had inadvertently routed authentication traffic through what appeared to be Overwatch servers, causing collateral damage to all connected services. The attacker mocked affected gamers via social media, stating the disruption served as a commentary on emotional investment in virtual environments. Following service restoration, AppleJ4ck indicated the attack represented preliminary testing for larger planned operations. Blizzard never officially confirmed the DDoS attribution in public communications, only acknowledging resolved technical issues. The incident highlighted persistent challenges in mitigating DDoS attacks against complex gaming infrastructures and the operational difficulties law enforcement faces in prosecuting geographically dispersed threat actors like Lizard Squad.