Cyber Incident Victim: Blizzard Entertainment
Date:
Aug 2014
Location:
United States of America
Summary
A cyber-attack involving distributed denial-of-service (DDoS) disruptions targeted multiple online gaming services, including Blizzard Entertainment's Battle.net platform. The attack caused server instability and connectivity issues for titles such as World of Warcraft, Starcraft, and Diablo III, impacting multiplayer functionality and chat features. The company collaborated with internet service providers to mitigate the attack and restore service stability. Concurrently, other gaming platforms experienced similar disruptions, with conflicting claims of responsibility citing motivations ranging from ideological grievances to highlighting security vulnerabilities. Law enforcement agencies were involved in investigating related threats, including a diverted flight linked to a Sony executive.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On August 24, 2014, Blizzard Entertainment's Battle.net online gaming service experienced disruptions due to a distributed denial-of-service (DDoS) attack, part of a broader campaign targeting multiple gaming platforms. The attack coincided with outages affecting Sony's PlayStation Network, Microsoft's XBox Live, and Grinding Gear Games' Path of Exile servers over the same weekend. Battle.net, which supported multiplayer functionality for major titles including World of Warcraft, Starcraft, and Diablo III, suffered degraded performance as attackers flooded its systems with traffic. Xbox 360 users attempting to access Diablo III's party chat feature encountered connectivity issues directly linked to Battle.net's instability. Blizzard acknowledged the attack on its service status page, confirming the DDoS had disrupted game services but avoided specifying the attack's duration or full technical scope.
Blizzard responded by collaborating with internet service providers (ISPs) to mitigate the attack, reporting improved stability following these efforts. The company did not disclose defensive measures beyond this ISP coordination or quantify user impact. The attacks occurred alongside a bomb threat against American Airlines Flight 362, which was diverted after a Twitter account linked to the gaming service attacks falsely claimed explosives were aboard. This account, which referenced Islamic State (ISIS/ISIL) and criticized Sony's corporate "greed," also claimed responsibility for disrupting game services until "bombing of the ISIL stops." However, conflicting claims emerged when an Anonymous-affiliated hacker asserted responsibility for the PlayStation Network outage, criticizing the ISIS-aligned narrative and sharing purported evidence. The FBI investigated the flight diversion incident, though no public linkage to Blizzard's attack was confirmed. Microsoft's XBox Live services remained partially impaired during Blizzard's recovery period, while Grinding Gear Games separately addressed its Path of Exile DDoS issues. Blizzard's public communication remained limited to acknowledging the attack and remediation steps without detailing long-term consequences or attributing responsibility.