Cyber Incident Victim: Full Tilt Poker
Date: Apr 2015
Location: Isle of Man
Summary
Multiple online poker platforms experienced service disruptions due to distributed denial-of-service (DDoS) attacks, causing widespread login failures, severe lag, disconnections, and tournament cancellations. The incidents affected several operators, including PokerStars, where connectivity issues persisted through a compromised host despite partial infrastructure functionality. Similar attacks previously forced another network to cancel a major guaranteed tournament after repeated technical failures overwhelmed its servers. The attacks involved flooding gaming servers with illegitimate traffic, crippling their ability to process legitimate player requests and causing extended operational outages across the targeted platforms.
Description
In mid-April 2015, multiple online poker platforms experienced severe service disruptions due to coordinated Distributed Denial of Service (DDoS) attacks targeting their infrastructure. The attacks commenced over the weekend preceding April 14, with Betfair confirming its entire digital ecosystem—including poker operations, sportsbook, and betting exchange—succumbed to traffic overload from malicious requests. Unibet also acknowledged being victimized by identical attack methods during this period. While PokerStars did not formally confirm an attack, widespread customer reports from Friday through Monday detailed login failures, extreme latency, frequent disconnections, and tournament cancellations/suspensions—symptoms consistent with DDoS incidents. Technical evidence pointed to infrastructure vulnerabilities, particularly at Manx Telecom on the Isle of Man, one of PokerStars' six hosting providers that remained completely offline even days after initial disruptions began, forcing disproportionate traffic through remaining functional hosts despite their nominal 100% connectivity status.

The attacks paralyzed operational capabilities by flooding servers with illegitimate communication requests, overwhelming their capacity to process legitimate player traffic. This caused service degradation ranging from slowed gameplay to complete platform crashes. Betfair's technical team resolved their outage within approximately one day, restoring full functionality. The Winning Poker Network (WPN), which had suffered a similar attack in December 2014 leading to cancellation of its million-dollar guaranteed tournament, was not mentioned as affected during this April incident but served as precedent for attack methodologies and consequences. Immediate operational impacts included canceled tournaments, refunded player buy-ins, and prolonged service unavailability across multiple operators. No attribution, motive, or ransom demands were disclosed in available reporting. Historical patterns indicated poker platforms remained recurrent targets for such attacks, exploiting their real-time service requirements and financial sensitivity to downtime.
