Every year, it feels as though we’re always waiting to see what gift hackers have in store for our precious gaming servers.
On Christmas Day in 2015, Valve found themselves underneath a Distributed Denial of Service attack (DDoS) which led to personal information for around 34,000 users being exposed. In a statement released by Valve, Steam’s parent company, they said that “During the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the sale.”
“In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.”
After this turn of events, the decision to bring down the Steam Store was passed so that web caching configuration issues could be corrected.
Steam users who logged in during a certain time and browsed a page were at risk of having their billing address, the last four digits of their phone number, purchase history, the last two digits of their credit card number, and email address, being exposed. Fortunately, the exposed information did not include full card details, passwords, or any other information that could have been used for fraudulent purposes.
On December 24th 2014, Xbox Live Gold members and PlayStation Network subscribers were disappointed to see that their online services were taken down by a DDoS attack- claimed by a group named as Lizard Squad. The attack affected an estimated 160 million gamers worldwide. 110 million of these were PlayStation Network users while at least 46 million of these were Xbox Live members.
To mark the launch of their Christmas attack, Lizard Squad tweeted “jingle bells jingle bells xbox got ran, oh my fun it is to troll of you morons ... hey!” Their Twitter account has since been suspended.
Most gamers who had received gifts of games and consoles were unable to go online and play with their friends during December 24th, 25th, and part of 26th which was when service resumed. Those frustrated enough with the attacks took to Twitter to release their emotions.
“I am glad to see the Christmas spirit isn’t dead with Hackers taking down #playstationnetwork and #xboxlive to spoil children’s fun.” [email protected]
“I got Call of Duty Advanced Warfare but can’t play on PSN! I hate you Lizard Squad,” [email protected]
On December 26th, It was reported that Internet Entrepreneur, Kim Dotcom offered Lizard Squad 3000 accounts on his upload service (with a total storage capacity of 150 Terabytes), known as “Mega” for the attacks to end
Lizard Squad didn’t emerge around Christmas- they actually surfaced in August 2014 when the group claimed responsibility for Hacking the PlayStation and Blizzard Entertainment servers as well as tweeting a bomb threat to American Airlines.
Christmas 2013 was relatively stable for games however the PSN servers did experience minor downtime due to a DDoS attack when the PlayStation 4 had its first holiday season. Details of the attack are unknown.
This Christmas, we’re not sure what to expect for our game servers. Perhaps there won’t be anything to worry about and we’re just sitting on a mound of paranoia. With that being said, with Steam having only just started their Holiday Sale, we could be in store for more DDoS attacks over the next few days. If you're a user of Steam, I advise that you have Steam Guard fully set up as well as similar settings on other platforms fully configured.
Happy Holidays and Stay Safe!