Xbox Live faces connectivity issues, possible DDoS attack suspected

Xbox One

Several users were unable to log in to Xbox Live last night thanks to a connectivity issue that prevented Xbox 360 and Xbox One users from accessing the service. Microsoft has since resolved the sign-in issue, and is now looking into other services that are affected, which include server availability issues on Xbox One. According to the Xbox Live status page:

Hi Xbox members. Are you having trouble connecting to Party Chat on Diablo III on Xbox One and Xbox 360? Additionally, Xbox One users, are you experiencing server unavailability issues? Us too, but we're working alongside our partner to get these issues fixed ASAP!

We're also aware that some of you are having trouble accessing FIFA Ultimate Team in FIFA 14. This impact is likely due to a maintenance our partner is performing at the moment. We appreciate your patience, and we'll update you as soon as we have more information on these issues.

The Xbox Live core services along with purchase and content are running without any glitches at the moment. While there isn't an official confirmation of the same, it looks like a DDoS attack that was responsible for the Xbox Live outage. Sony's PlayStation Network also went down yesterday, with hacker group Lizard Squad taking credit for both outages.

Source: Xbox Live; Twitter

Thanks Kyle for the heads up!


Reader comments

Xbox Live faces connectivity issues, possible DDoS attack suspected


However, today was supposed to be a big maintenance day that took the PSN servers down, having no online games. So, while it may be up, it may go down again for the real scheduled maintenance. Unless they move it since this happened.

This had nothing to do with security. Their environment wasn't hacked, it was flooded. Furthermore, according to Sony, it was upstream, a direction they had no control over. It affected more than just Sony directly. There were a lot of systems down in between Sony and the users. Supposedly even Charter went down. You can't stop people from doing DDoS attacks and it's very hard to anticipate that.

I had "error retrieving user data from Xbox live" at Titanfall. Just two times at first attempt. At the second all went fine.

The same could be said for Comcast. Whether the issue is on the service provider or XBL end,of things, for the last 3-4 months signing in to XBL now takes forever. Game downloads? Forget that. I now need to run those overnight.

What's the point of this? Congrats... Your keyboard licking ass wrecked everyone's fun and caused others a lot of extra work. Your still a douche’ bag.

What's the motivation of Lizard Squad? Most times these hackers don't agree with how the targeted company works, but what is it this time?

I think their motivation is just to be really effing annoying.

Posted via the Windows Phone Central App for Android

There have been a lot of these DDos attacks of late. My company was hit just a couple of weeks ago. You can do your usual belly aching about MS all you want. It won't change the likelihood that these will be more and more prevalent. Vandals and hackers and political activists in all sides will not be deterred.

I just wish that every hacker could focus their attention on Marlboro Baptist Church because of their disrespectful way of living. If I knew others would do it, I would've used LOIC on them ages ago.

Think about it. My company is in Japan. Last year about this time they took down our servers big time. Took us 4 days to recover. Millions of yen at risk. Was it the Chinese? The Koreans? Anti-whalers? Take your pick. If it is Ddos likely no single company was the target. While we were all pointing and laughing at Sony all gaming sites seemed targeted.

they say they are punishing Sony for having subpar security and wants them to make it better for gamers

so maybe the same goes with Xbox

Distributed Denial of Service (Attack). It means a network of many computers (most whose owners aren't even aware but have malware or viruses) all mass connect to one service or server at once, repeatedly, causing a native spike in service. If successful the server won't be prepared and will grind to a halt, hence the 'Denial of Service' because it can't service legitimate requests.

They often come together. A server can bottleneck due to a high number of requests or connections (even genuine ones) if it doesn't have enough resources to keep up with demand. This will cause the service to slow, but not necessarily stop working. Full denial of service comes when the bottleneck is very severe and the queue very long; the server will overload trying to serve so many requests that it actually gets into a state where it couldn't even keep up if the load decreased again. This is full DoS.

The first D in DDoS refers to 'Distributed', meaning it has been orchestrated through a botnet of viruses and/or malware. Standard denial of service is a state a server can get into and not necessarily an attack, however DoS Attack or DDoS is caused by someone with malicious intent.

Usually a little of the first and a lot of the last.
Hackers take advantage of viruses and malware installed on unsuspecting people's computers worldwide, as well as some infrastructure of their own. That's how they're able to create such load -- they can orchestrate hundreds of thousands of computers to connect all at once without having to pay for it themselves.
This is why a DDoS Attack is a web admin's worst nightmare. Any clever person can protect their systems from the vast majority of security intrusions, but it's impossible to be 100% immune to DDoS. You can't fully prevent against it, and once it starts there's nothing you can do about it until it until the hackers decide to stop.

Limited connection to Fifa 14 servers and the Fifa 15 closed beta on the Xbox 360. Xbox live is also losing its connection. I've opened up all of the required ports and still no joy.

In case it was an attack: I am always surprised how big companies are unable to protect their infrastructure. Even MS who "invented" a lot of that software. Makes it hard to believe in the safety of the cloud and all the other stuff the IT-industry is talking about.

The thing is that it's not really about security. If you can in any way connect to it, you can DDoS it. If you arn't familiar how DDoS works, it's basically spamming the server with so many connections that it clogs up the system and that's what causes the downtimes and connection problems. The way Sony got hacked a few years back was a whole different kinda thing, if that happened to MS I'd be really worried, but this is basically something every script kid can do after 15 mins of searching the internet, perhaps not in the magnitude required to cause problems to MS, but DDoSing is sadly very easy, but it doesn't really have any benefits to it, you just cause issues to the target without benefitting yourself.

They seemed to target a lot of gaming related things. This gaming community I'm a part of was also attacked, which is sorta weird cos it's not like we're really famous or anything :D

Yep, DDoS is theoretically impossible to plan against. It represents no lack of security whatsoever, and no matter how much resource you throw at a system there is always more resource out there to spam your servers even more.

Made me think a nasty thought... This new OS the Chinese are making could link up every computer in the country and the government could use it to target anyone. Get rid of all their pirate botnets on pirated Win boxes, and at the same time, make their own under government/military control.

Totally. North Korea has a similar thing (Red Star OS) which could be used for a similar purpose if they could get their populace off XP.

It is DNS servers who are the culprits. Often companies are scrambling to find alternative DNS routes around trouble. Larger companies, while they may have the wherewithal to protect offer also the largest ships to turn. Am I miffed my movie last night might have suffered from early symptoms? Sure, but keep all this in perspective and remember it is truly astounding a huge target like MS doesn't suffer more often.

They've done this with steam several too mister master race, it actually has little to do with the console or server, I see you're unfamiliar with the people of attack they actually did.

Posted via Windows Phone Central App

The PC games I play are way more often the target of DDoS attacks than my console service of choice (Xbox Live).

It was kind of slow when I was playing ranked matches in StreetFighter last night.

Still this is why I stick with XBL. Microsoft have proven time and again that they have the better platform. They fix issues fast.

I wouldn't know because I don't use YouTube, never will use it, and couldn't care less if gets blown up. Google sucks.

Sometimes your ISP can help. Call them and sometimes they may route through a different DNS server, temporarily bypassing the offending service. They are also interested in avoiding these things. In the case of the slight attack we had last week one of our freelancers still could not get through even with the fix our developers offered. She called her ISP and they did a temporary work around and began investigating more permanent solutions.

Honestly to me this is just someone with a botnet and not much in the way of any real ability, DDOS is the easiest of all of the tricks. When Lulzsec took down PSN not only did they bring it down they took mass amounts of player information and credit card information. I don't believe this has anything to do with them (him) trying to prove a point about security on a network. PSN is a large target and will get you attention and lots of it, Look at the big picture though. They DDOS'd PSN, Called in a bomb threat on AA flight 362, tried to take down XBL but didn't do a very good job at it (I never had any issues with it last night) but when they couldn't bring it down they targeted Vatican City's website took that down breifly and it's now back up.
This is just a very sad person looking for attention wherever they can get it but with the bomb threat and claiming ISIS on the Vatican City takedown he has just brought all hell after him. TOR is trackable 

Lol this is 3 days old. People and sites read the status all wrong. On Xbox Diablo live features were down, NOT Xbox live like PSN!. MS is better protected against these attacks than Sony. And dum dum. Steam got hit as well.

What they need to do to these hackers is catch them. Then Donkey punch them every morning, for there stupidity. These mommy/daddy issue losers are sad people.

Even Guild Wars 2 (US) got hit. The onces in Europe didn't (servers, cause I have a account on the European Server) get affected while my friends on a US Server got the DDoS Attack. It's weird haha

I noticed my TitanFall was a little laggy, and I am on the east coast , it kept connecting me to , North Central servers. And my connection was a little laggy.

Where I saw myself in game was not the same place I saw in kill cam playbacks.

So thats why I wasnt logged into hexic(wp8).
Had problems for a number of weeks turns out the external n wifi adapter I got months ago is having problems connecting

In what country? What state? Because I haven't had an issue. I been enjoying madden 15 witch I might add that I got it from ea access .

Battle.Net(Blizzard), Path Of Exile(Grinding Gear Games), League Of Legends(Riot), PSN, XBLive, Dota2.
Lizard Squad claimed the attacks to all of this game, basically games that famous streamers play in twitch

Its not a DDOS. Its a basic error. Microsoft's Xbox live login server is unable to be traced and is NOT vulnerable to any kind of denial of service type attack. My credentials reside in the LPT, CEH, and other cyber security certifications.

I couldn't sign in to my Xbox Live Account on my Xbox 360 S last night at all. Now that I have read this, I think this may have been why. Good move for Xbox and Microsoft to protect its users!