Cyber Incident Victim: ATLAS
Date: Jan 2019
Location: United States of America
Summary
The online multiplayer game ATLAS experienced significant disruptions when attackers compromised an administrator account, enabling unauthorized server modifications that spawned inappropriate objects like military vehicles, disrupting gameplay and damaging player assets. Shortly thereafter, multiple players exploited a server vulnerability to flood the environment with whales and dragons, further destabilizing the game, and subsequently spammed in-game communications with promotional messages. Developers responded by rolling back servers on both occasions to mitigate damage, implementing protections against the technical exploit, and banning associated accounts. These incidents collectively caused widespread gameplay interference, server instability, and unauthorized messaging across the affected multiplayer environment.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
The online multiplayer game ATLAS, developed by Grapeshot Games and launched in early access on Steam in late 2018, experienced two disruptive security incidents within four days in January 2019. On January 17, an unidentified individual compromised a Steam account belonging to a game administrator, gaining unauthorized access to ATLAS multiplayer servers. The attacker manipulated server settings to spawn World War II-era military vehicles—including airplanes and tanks—across the game environment. These objects appeared in historically inconsistent locations, causing widespread gameplay disruption: player deaths, ship destruction, and server instability affecting tens of thousands of users. Twitch livestreams documented the incident in real time as players encountered the anomalous vehicles. Grapeshot Games responded by taking servers offline for a five-hour rollback to restore pre-attack game states, publicly acknowledged the admin account breach on official forums, and issued apologies to affected players. No account bans were initially reported for this incident.

A second, technically distinct incident occurred on January 20 when multiple players exploited a vulnerability within ATLAS’s game code rather than targeting administrator credentials. Attackers weaponized this flaw to spawn excessive quantities of whales and dragons—creatures normally restricted to specific gameplay contexts—in physically impossible locations including landmasses and midair positions. After exhausting this tactic, perpetrators shifted to flooding the in-game chat system with repetitive “Subscribe to PewDiePie” messages, though evidence suggested this was opportunistic meme usage rather than a primary motivation. Twitch broadcasts again captured the disruptions as they unfolded. Developers executed another server rollback to eliminate spawned entities and spam messages, implemented technical safeguards against the specific exploit, and permanently banned accounts linked to the abuse. Grapeshot clarified that no administrative accounts were compromised during this second event, distinguishing it from the January 17 breach while confirming punitive actions against exploiters. Both incidents necessitated server downtime and gameplay resets to mitigate operational impacts.
