Cyber Incident Victim: Blizzard Entertainment
Date:
Sep 2016
Location:
United States of America
Summary
Battle.net servers experienced a distributed denial-of-service (DDoS) attack claimed by hacking group PoodleCorp, disrupting connectivity and causing latency issues for players accessing games including Overwatch, World of Warcraft, Hearthstone, and Diablo across multiple platforms. The incident marked the third service interruption within a week, with the attackers demanding social media engagement to cease their activities. Services were restored following the group's discontinuation of the attack after their retweet threshold was met. This event followed prior disruptions by PoodleCorp and other threat actors targeting the same infrastructure, alongside the group's history of similar attacks against other gaming platforms like EA's Battlefield 1 beta and Pokémon Go servers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 18, 2016, Blizzard Entertainment's Battle.net servers experienced a distributed denial-of-service (DDoS) attack claimed by the hacking group PoodleCorp, marking the third service disruption that week. The attack caused widespread latency and connectivity issues across multiple platforms—Xbox One, PS4, and PC—affecting popular titles including Overwatch, World of Warcraft, Hearthstone: Heroes of Warcraft, and Diablo 3. Blizzard confirmed the incident via its customer support Twitter account, attributing the outage to a DDoS targeting their network providers. This followed two prior disruptions on September 13 and 16, which had prevented players from authenticating and logging into game servers. PoodleCorp, which had previously targeted Blizzard in August 2016 and other gaming companies like EA and Rockstar Games, publicly took responsibility for the attack. The group issued a demand on social media, pledging to cease the attack only if one of their tweets reached 2,000 retweets. After players complied, PoodleCorp halted the assault, and Blizzard subsequently restored services, announcing that technical issues had been resolved.
The September 18 incident was part of a broader pattern of attacks against Blizzard in 2016. Prior disruptions included an April 2016 DDoS by Lizard Squad and two August 2016 attacks by PoodleCorp, alongside an unclaimed cyberattack from August 30–31. The latest outage reinforced concerns about the gaming industry’s vulnerability to DDoS campaigns, as PoodleCorp had also targeted EA’s Battlefield 1 beta and Pokémon Go servers earlier in the year. While Blizzard’s response was limited to monitoring the attack and confirming restoration post-resolution, the incident highlighted recurring operational risks. PoodleCorp continued its activities beyond Blizzard, hinting at future attacks against EA’s Battlefield release in October, though the beta’s popularity remained unaffected, drawing over 13.2 million players. The group also commented on unrelated Sony PSN outages in September without claiming responsibility, further illustrating its disruptive online presence.