7 examples of the biggest DDoS attacks

Tips & tricks
6 mins
Attacks from multiple places at the same time.

In January 2023, Formula One racing driver Max Verstappen took part in the 24 Hours of Le Mans Virtual—an e-sports racing competition. The event was founded in 2020 amid Covid-19 and features drivers from all around the world competing against each other over a 24-hour period. Unfortunately for Verstappen, the experience was anything but smooth and ended with him rage quitting shortly after several technical difficulties. He described the event as a “clown show.” The cause? DDoS attacks. 

While Verstappen’s experience was particularly memorable as it happened to a celebrity in front of cameras, DDoS attacks can be much more disruptive, affecting millions of people who rely on everyday online services.

How do DDoS attacks work?

Before delving into DDoS, let’s go over denial-of-service (DoS) attacks. These refer to attempts to disrupt websites or services by overwhelming a network with a barrage of false requests so that it becomes unusable or inaccessible. DoS attacks are usually initiated by a single user on a single device. 

A distributed denial-of-service (DDoS) attack is the same thing but on a large scale utilizing multiple devices, users, or bots, called a botnet. Think of it as a major online traffic jam.

While video games have become a popular target, DDoS incidents affect all kinds of businesses. As for why they are perpetrated, there are various reasons: It could be as a prank, to get an advantage while gaming, to make a political statement (as in hacktivism), to harm a competing business, for revenge against a company, or to extort a company for payment.

Read more: DoS vs. DDoS attacks: What’s the difference?

Biggests DDoS attacks


When: February 2018
Duration: about eight minutes
Claim to fame: A ransom note demanding payment of 50 Monero coins—roughly 18,000 USD—was buried in the malicious traffic. It’s believed to be the first time such a demand was hidden in DDoS traffic itself.

Software hosting repository GitHub was hit with a crazy DDoS attack in early 2018. The attack peaked at 1.35 terabits per second and is considered to be one of the biggest DDoS attacks on record. The size of the attack was huge, but it lasted under 10 minutes.


When: October 2016
Duration: about five hours in total
Claim to fame: In 2020, an individual pleaded guilty to the attack, which was carried out when the person was a teenager.

DNS provider Dyn was hit with a series of DDoS attacks that disrupted access to major websites and services like Twitter, Spotify, Netflix, Pinterest, Reddit, and PayPal. The attack peaked at 1.2 terabits per second and caused sporadic outages lasting around half a day.


When: March 2013
Duration: about four hours in total
Claim to fame: The hacker who organized the attack, Sven Olaf Kamphuis, was unhappy with his company, CyberBunker, being blacklisted by Spamhaus as a spam provider.

Anti-spam organization Spamhaus was hit with a DDoS attack that peaked at 300 gigabits per second. The attack was carried out using a botnet of many compromised servers and was so severe that it ended up affecting internet speeds across all of Europe. It was considered the biggest DDoS attack in history at the time.

Biggest gaming DDoS attacks

Some recent examples in the gaming world include:

PlayStation Network and Xbox Live

When: December 2014
Duration: Two days
Claim to fame: The hacking group Lizard Squad chose to ruin Christmas for many and kicked off a trend; the Christmas period is now the most popular time for cyberattacks on companies.

PlayStation Network and Xbox Live were hit with a major DDoS attack in late 2014 that rendered the network unable to go online for several days during the holiday season. This, unsurprisingly, caused much consternation both for the companies and gamers alike as the PlayStation and Xbox are popular Christmas gifts, with the holiday period also being the most popular time to play video games.

Xbox Live

When: November 2015
Duration: Three hours
Claim to fame: The hacker group Phantom Squad followed up this attack with the threat of a Christmas attack, but two of the hackers in the group were arrested at the end of the year instead, and a third charged with offenses related to cybercrime.

In November 2015, Xbox Live was hit with a DDoS attack that caused the network to go offline for several hours. Hacker group Phantom Squad claimed responsibility for the attack. It’s believed that they were trying to one-up an attack by the hacker group Lizard Squad a year earlier on PlayStation Network and Xbox Live.

League of Legends

When: August 2014
Duration: Several hours
Claim to fame: Lizard Squad was also behind the DDoS attack on Daybreak Games, which affected servers for games like H1Z1 and PlanetSide 2.

Riot Games’ League of Legends was hit with a DDoS attack in mid 2014 that caused the game’s servers to go offline for several hours. Lizard Squad claimed responsibility. In the same year, they also claimed responsibility for calling in a bomb threat on a flight carrying the then-head of Sony Online Entertainment John Smedley.

Blizzard Entertainment

When: July 2018
Duration: Two days
Claim to fame: It is unknown who initiated these attacks. It is entirely possible that they were carried out by multiple parties. 

Video game developer Blizzard Entertainment’s Battle.net online gaming service was hit with a DDoS attack that caused major network issues for several hours. This ended up affecting popular games like World of Warcraft and Overwatch which are estimated to have around 1,000,000 players per day globally.

How to protect against DDoS attacks while gaming

The most basic information an attacker needs to launch a DDoS attack on you is your real IP address. If someone is targeting you specifically, they would benefit from finding your account inside a game, too. This means staying as private as possible will help you avoid becoming a victim of DDoS attacks.

Use a VPN

Using a VPN while gaming online is one of the most effective ways to protect yourself against DDoS attacks. A VPN will send your online traffic through a secure tunnel, keeping all of your sensitive information private from prying eyes. We know the perfect one!

Read more: How to stop DDoS attacks on Xbox

Restart your router frequently

Resetting your router frequently will ensure your IP address keeps changing. A router reset is also an effective way to end a DDoS attack. As residential networks are generally dynamic (meaning your internet provider gives you a new IP for a new session), you can start afresh with a router reset.

Read more: Static (dedicated) vs. dynamic IP: What’s the difference?

Use a firewall

A firewall can stop some DDoS attacks by identifying suspicious traffic and limiting the amount of incoming traffic. 

Increase your privacy on game sites

Limiting the amount of personal or identifiable information on your gaming accounts as possible is an extremely important step for keeping your details out of the hands of malicious actors. This is even more important if you have a child using a gaming account on any of your devices. Try to anonymize any usernames chosen for gaming accounts, refrain from using photos of yourself, and avoid listing your location online.

Avoid Wi-Fi hotspots

If you’re using your device in a public space, like a gaming cafe, avoid using public Wi-Fi connections. If you can’t avoid using a public network, keep any use or transmission of sensitive information to an absolute minimum.

Read more: How to stay secure when using public Wi-Fi

Avoid apps that reveal your IP address

Using VoIP and gaming chat apps (like Discord) while gaming can sometimes unintentionally reveal your IP address to other players in the same gaming session. However, a good VPN can help to avoid this.

FAQ: DDoS attacks

Are DDoS attacks illegal?
Why do DDoS attacks happen?
Can DDoS attacks be traced?
Game securely, with no ISP throttling

Servers in 105 countries

Game controller.
Upgrade your online gaming experience today
Why get a VPN for gaming?
Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.