Steam, Riot Games, Xbox Live, PlayStation Network, and Epic Games Store suffered widespread service disruptions October 6-7, 2025 from suspected massive distributed denial-of-service (DDoS) attacks generating record-breaking 29.69 terabits per second traffic from the Aisuru botnet, nearly doubling September’s previous 22.2 Tbps record reported by Cloudflare. The coordinated assault beginning around 11 PM ET October 6 left millions unable to play Counter-Strike 2, Dota 2, Valorant, and League of Legends as over 2,400 Downdetector reports flooded in with 58% flagging login issues and 20% server problems. Riot Games confirmed 36 hours of intermittent network instability forcing ranked queue disablement across Windows, macOS, iOS, and Android platforms, while Valve remained silent as Steam’s store, community hub, and marketplace repeatedly crashed through October 7. Security researchers identified TCP carpet bomb attacks flooding networks with realistic-looking traffic making traditional mitigation strategies ineffective.
The Timeline of Coordinated Attacks
Outage reports began surging around 8:00 PM EDT (11 PM ET) October 6, with Downdetector lighting up as users complained about server disconnections across major gaming platforms. Riot Games’ status pages first confirmed critical game disconnection issues around the same time, stating ‘We’re aware of a problem causing players to disconnect from their games and have disabled ranked queues while we investigate.’ Within minutes, Xbox Live, PlayStation Network, Epic Games Store, and Steam all experienced simultaneous spikes in outage reports suggesting coordinated assault rather than coincidental failures.
PC Gamer reported the timing is awfully coincidental, with all platforms hitting peak disruption within narrow window between 10:30-11:30 PM ET October 6. Steam briefly went offline around 11:00 PM ET (October 7, 11:00 AM Singapore Time), with users suddenly reporting issues logging in and connecting to servers. The near-simultaneous timing across services prompted immediate speculation that incidents were linked rather than independent infrastructure problems affecting multiple companies randomly on the same evening.
The Aisuru Botnet Culprit
Cybersecurity community suspects the Aisuru botnet as attack source, a massive network of hijacked IoT devices capable of generating unprecedented traffic volumes overwhelming even enterprise-scale infrastructure. According to reports, the botnet generated staggering 29.69 Tbps of malicious traffic, breaking the previous global DDoS record of 22.2 Tbps that Cloudflare reported in September 2025. PC Mag’s earlier report determined Aisuru was source of ‘hyper-volumetric DDoS attacks twice as large as anything seen on the internet before’ during September incidents.
The attack primarily targeted TCP protocols using carpet bomb technique flooding servers with excessive fragmented SYN floods and UDP amplification that appears realistic, making it hard to stop according to Bo3.gg reporting. Traditional DDoS mitigation strategies struggle distinguishing malicious traffic from legitimate user requests when attacks leverage TCP carpet bombing, allowing botnets bypassing filters designed catching obvious flood patterns. The sophistication suggests coordinated operation rather than amateur script kiddie attacks, with timing and scale indicating professional execution potentially linked to organized cybercrime groups or nation-state actors.
Riot Games’ Official Response
Riot Games spokesperson Joe Hixson acknowledged to media that the company experienced intermittent network issues for more than 36 hours leading up to October 7, though he didn’t speculate on underlying causes. In official statement, Hixson confirmed: ‘Like many companies over the last day or two, we’ve faced challenges to network stability and taken proactive steps to protect the player experience. We’ve temporarily disabled ranked queues in some regions and enabled ranked points loss compensation where appropriate.’
The 36-hour timeframe suggests attacks began October 5, intensifying through October 6-7 as Aisuru operators ramped up traffic volumes testing platform resilience. Riot’s decision disabling ranked queues prevents players losing competitive points due to server instability outside their control, demonstrating proactive damage control prioritizing player experience over maintaining all services operational during crisis. The ranked loss compensation addresses community frustration about disconnections ruining matches affecting seasonal rankings and rewards eligibility.
Valve’s Silence and Steam Recovery
Valve Corporation remained completely silent throughout the disruptions, with Steam’s official social media accounts posting nothing and no maintenance patches dropping for games or the platform according to Sportskeeda reporting. The silence frustrated users seeking official acknowledgment and estimated recovery timelines, though Valve historically communicates minimally during crises preferring letting services speak through restored functionality rather than public relations statements promising timelines that might not materialize.
By late October 7, Steam services gradually recovered with intermittent functionality returning to Store, Community Hub, and matchmaking across regions. IBTimes UK reported that as of October 8, intermittent flickers of service hinted at defensive countermeasures kicking in, yet the episode exposed Valve’s vulnerabilities in an era of escalating digital sieges. The recovery timeline spanning over 24 hours suggests either persistent attack continuation forcing ongoing mitigation efforts or substantial infrastructure damage requiring gradual restoration rather than simple service restart.
AWS Connection Speculation
Some reports suggested Amazon Web Services (AWS) showing ‘Full Load’ status during disruptions, potentially indicating Valve relies on AWS infrastructure for Steam operations. If accurate, that dependency means Steam’s resilience depends partially on AWS’s ability withstanding DDoS floods targeting Valve specifically. However, AWS itself faced unrelated outages during the same window according to Downdetector, creating uncertainty whether AWS problems stemmed from separate Aisuru targeting or collateral damage from attacks overwhelming interconnected infrastructure.
Impact on Other Platforms
Beyond gaming services, reports indicated unusual outage volumes affecting PlayStation Network, Epic Games, Hulu, AWS, Cloudflare, Xfinity, Cox, and other services suggesting broader internet infrastructure targeted rather than exclusively gaming companies. Cybernews described how ‘the internet is melting: Steam down. Epic Games down. AWS down. Cloudflare wobbling,’ capturing the cascading failures affecting seemingly unrelated services simultaneously.
The widespread impact raises questions whether gaming platforms were primary targets or collateral damage from attacks aimed at underlying infrastructure providers like AWS and Cloudflare that many services depend upon. If Aisuru targeted foundational internet infrastructure rather than individual game companies, the disruptions represent canary in coal mine warning about internet fragility when critical chokepoints face overwhelming traffic volumes exceeding defensive capacities even for companies investing billions in security.
Historical Context and Industry Vulnerability
Similar incidents occurred summer 2023 when Riot Games and Valve faced DDoS attacks causing massive online disruptions, demonstrating that despite companies strengthening server security, completely eliminating such threats in the gaming industry remains impossible according to Bo3.gg reporting. The recurring attacks suggest gaming platforms represent attractive targets for DDoS operators seeking maximum disruption impact, with millions of engaged users generating immediate visible chaos and media coverage amplifying attacker notoriety.
Windows Report noted that while rare, simultaneous multi-company DDoS attacks could signal a shift in tactics among large-scale botnets, especially those capable of leveraging global network weaknesses. The coordination required executing synchronized assaults across multiple platforms simultaneously demonstrates sophisticated capabilities beyond typical DDoS-for-hire services, potentially indicating organized cybercrime groups or nation-state actors testing critical infrastructure resilience as geopolitical tensions escalate globally.
TCP Carpet Bomb Technique Explained
Security tracking account @vxdb claimed on X that Steam and Riot Games were facing large DDoS attacks with TCPShield reports dealing with TCP Carpet Bomb attacks on their network. The carpet bomb technique floods networks with realistic traffic that mimics legitimate user requests, making it exponentially harder to filter compared to obvious flood patterns that traditional DDoS protection easily identifies and blocks. The realistic appearance forces defensive systems choosing between blocking potentially legitimate traffic or allowing malicious requests through, creating no-win scenarios.
The fragmented SYN floods component exploits TCP handshake protocols by initiating massive connection requests without completing them, exhausting server resources maintaining half-open connections waiting for responses that never arrive. Combined with UDP amplification leveraging misconfigured servers reflecting traffic toward targets, the multi-vector approach overwhelms defensive systems designed catching single attack patterns but struggling when simultaneous techniques exploit different vulnerabilities concurrently.
User Impact and Frustration
Gamers from North America to Asia vented frustration online with sessions derailed just as peak play hours beckoned according to IBTimes reporting. The timing targeting evening hours across Western timezones and morning periods in Asia maximized user impact when server populations typically peak, creating maximum disruption visibility amplifying attacker notoriety. Counter-Strike 2, Dota 2, Valorant, and League of Legends players particularly suffered as competitive multiplayer games become unplayable when server connections drop mid-match.
The disruptions arriving during October also frustrated players eager experiencing new releases and updates launching throughout the month. The timing potentially damages sales for developers launching titles during affected windows, as players unable accessing storefronts can’t purchase games while initial launch momentum dissipates. Whether attackers deliberately targeted October for maximum commercial damage or coincidentally launched operations during busy release season remains speculation without confirmed attacker motivations.
Cloudflare’s September Record Context
The 29.69 Tbps attack volume nearly doubles Cloudflare’s September report of 22.2 Tbps representing the previous largest DDoS attack ever recorded. That exponential growth in attack capabilities within single month demonstrates how rapidly botnet operators scale operations once techniques prove effective, with Aisuru apparently refining September methods achieving even greater traffic generation through October. The progression suggests Aisuru operators continuously testing limits determining maximum sustained volumes overwhelming even enterprise defenses.
Whether October’s 29.69 Tbps represents Aisuru’s current ceiling or merely incremental step toward even larger future attacks remains uncertain, though the trajectory suggests 40-50 Tbps attacks could materialize within months if botnet expansion continues unchecked. The escalation forces companies investing exponentially increasing resources on defensive infrastructure just maintaining parity with attacker capabilities, creating unsustainable arms race favoring attackers who exploit compromised IoT devices costing them nothing.
Community and Industry Response
The Reddit r/Games thread received 800+ upvotes with 234 comments discussing attack implications and frustration with gaming industry vulnerability to DDoS disruptions. Users noted historical pattern where Riot banned close to 2 million accounts and even Doublelift (one of the best ADC to ever play in LCS maybe the game itself) got banned, though context for that comment remains unclear whether referring to separate anti-cheat actions or facetious exaggeration about server problems.
Cybersecurity experts warned the scale of attacks highlights new vulnerabilities in global gaming infrastructure requiring coordinated industry response rather than individual company efforts. However, competitive dynamics prevent companies sharing defensive strategies fearing information leakage to competitors, creating tragedy of commons where collective security suffers because individual actors optimize for private interests rather than ecosystem resilience. Whether October’s disruptions force industry cooperation or simply result in isolated defensive improvements depends on leadership willingness prioritizing collective good.
Frequently Asked Questions
When did the Steam and Riot Games DDoS attack happen?
The DDoS attacks began around 8:00 PM EDT (11 PM ET) on October 6, 2025, intensifying through October 7. Riot confirmed experiencing intermittent network issues for approximately 36 hours total, suggesting attacks started October 5.
What is the Aisuru botnet?
Aisuru is a massive botnet comprised of hijacked IoT devices capable of generating unprecedented DDoS traffic volumes. It generated record-breaking 29.69 Tbps attacks in October 2025, nearly double September’s previous 22.2 Tbps record.
What games were affected by the DDoS attack?
Major affected titles included Counter-Strike 2, Dota 2 (Steam), Valorant, and League of Legends (Riot Games). Players reported login failures, server disconnections, and matchmaking problems across all affected games.
Is Steam still down?
As of October 8, 2025, Steam services have largely recovered though intermittent issues may persist. The Store, Community Hub, and matchmaking gradually restored functionality through October 7 evening.
What is TCP carpet bombing?
TCP carpet bombing is sophisticated DDoS technique flooding networks with realistic-looking traffic that mimics legitimate user requests, making it extremely difficult for defensive systems to distinguish malicious from genuine traffic.
Did Valve comment on the Steam outage?
No, Valve remained completely silent throughout the disruptions without posting on social media or issuing official statements. The company historically communicates minimally during crises.
Will there be compensation for ranked losses?
Riot Games enabled ranked points loss compensation where appropriate for players who disconnected during matches due to server instability, while ranked queues were temporarily disabled in affected regions.
Conclusion
The massive October 6-7, 2025 DDoS attacks generating record-breaking 29.69 Tbps traffic from Aisuru botnet simultaneously disrupting Steam, Riot Games, Xbox Live, PlayStation Network, and Epic Games Store exposed critical vulnerabilities in gaming infrastructure as TCP carpet bomb techniques overwhelmed enterprise defenses designed catching traditional flood patterns. Riot Games’ confirmation of 36-hour intermittent network instability forcing ranked queue disablement and loss compensation demonstrated proactive damage control, while Valve’s complete silence throughout Steam’s prolonged disruptions frustrated users seeking official acknowledgment though services gradually recovered October 7 evening. The nearly doubled traffic volume compared to September’s previous 22.2 Tbps Cloudflare record demonstrates exponential botnet capability growth within single month, suggesting 40-50 Tbps attacks could materialize soon if IoT device compromise continues unchecked creating unsustainable defensive arms race favoring attackers exploiting free compromised resources. Whether October’s coordinated assault signals shift toward sophisticated multi-platform targeting by organized cybercrime or nation-state actors testing critical infrastructure resilience remains uncertain, though the incident forces gaming industry confronting reality that despite billions invested in security, complete elimination of DDoS threats remains impossible when attackers leverage globally distributed botnets generating traffic volumes overwhelming even Cloudflare and AWS-scale infrastructure supporting world’s largest gaming platforms serving hundreds of millions daily users.