Cyber Incident Victim: Blizzard Entertainment
Date:
Apr 2016
Location:
United States of America
Summary
Blizzard Entertainment experienced a distributed denial-of-service (DDoS) attack targeting its Battle.net services, causing intermittent outages. The notorious hacking group Lizard Squad claimed responsibility for the disruption, which was largely resolved within two hours. The attackers allegedly used a "stresser" tool, consistent with their history of targeting gaming platforms to gain notoriety and leverage their familiarity with the gaming ecosystem. Concurrently, concerns arose regarding compromised email address screenshots in circulation, suggesting a potential diversion tactic to mask more severe network breaches or data harvesting efforts. The incident highlighted tensions between prioritizing DDoS mitigation—which naturally subsides—and addressing possible internal security compromises that posed greater risks to customer data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 14, 2016, Blizzard Entertainment experienced a distributed denial-of-service (DDoS) attack targeting its Battle.net online gaming platform. The attack began in the early hours of Thursday morning, causing widespread service disruptions that rendered Battle.net intermittently unavailable to players. Lizard Squad, a notorious hacking group, publicly claimed responsibility for the attack through social media channels, also asserting involvement in simultaneous disruptions to World of Warcraft and other gaming services. Blizzard's customer support team acknowledged the outage via official Twitter communications, confirming ongoing mitigation efforts. Service stability was largely restored approximately two hours after initial detection, though intermittent connectivity issues persisted during the attack window. Technical evidence suggested the attackers employed a "stresser" tool – Lizard Squad's proprietary DDoS-for-hire infrastructure – to overwhelm Blizzard's servers with malicious traffic. This incident marked Lizard Squad's reemergence following a period of reduced activity after key members faced arrests and convictions related to their 2014 Christmas attacks on PlayStation Network and Xbox Live.
The attack disrupted authentication servers critical for Blizzard's game titles, preventing legitimate users from accessing multiplayer features, digital purchases, and account management tools. While Blizzard prioritized restoring connectivity through traffic filtering and infrastructure adjustments, security analysts noted circulating screenshots purportedly showing compromised Blizzard email addresses. Malwarebytes analyst Chris Boyd highlighted concerns that the DDoS might serve as diversionary tactic while attackers potentially exploited network vulnerabilities to harvest customer data. This scenario presented Blizzard with response challenges – balancing immediate DDoS mitigation against investigating potential data breaches carried greater operational risks if internal resources were misallocated. The incident underscored gaming platforms' continued vulnerability to DDoS attacks due to their high visibility and emotional impact on user communities, factors that incentivize threat actors seeking notoriety. Lizard Squad's resurgence demonstrated adaptive capabilities despite previous law enforcement actions against the group.