Grinding Gear Games (GGG), the developer of the action RPG Path of Exile, has implemented new security updates to strengthen its protection against Distributed Denial‑of‑Service (DDoS) attacks. The changes follow a period of significant server instability after the release of the game’s latest expansion, Secrets of the Atlas.
In a post published on June 26, GGG confirmed that recent disruptions stemmed from both increased malicious traffic and unintended consequences of their mitigation strategy. Protective filters aimed at blocking DDoS traffic also interfered with legitimate player connections, leading to session drops and blocked access for some users.
“We’ve been very focused on improving DDoS protection for our servers. Unfortunately, some of the protective measures have blocked legitimate traffic, causing instances to unexpectedly close,” the developers stated. “We’re working closely with our server providers to finish setting up protection and resolve these issues as soon as possible.”
The post also addressed two other concerns: an uptick in player-reported account compromises and visual flickering affecting gameplay during intense action. GGG confirmed no evidence of a breach in its internal systems and committed to releasing a fix for the flickering issue in the following update.
DDoS at launch: A global problem
The launch of Secrets of the Atlas between June 14–18 triggered a spike in player activity—and with it, a new wave of DDoS attacks. GGG confirmed that European servers were the primary targets early on, with ripple effects reaching other regions as players switched to different gateways in search of stability.
According to an update shared by the developers, “European servers but also servers across the globe have been facing a barrage of DDOS attacks… This is unacceptable service and we are deeply sorry.” Server disruptions included login failures, rollback events, and connection timeouts, particularly during peak hours.
The combination of external attacks and internal infrastructure stress created a challenging environment for real-time mitigation. Some players speculated that high traffic loads from legitimate users may have further contributed to the issues, especially as players migrated between regional servers and overloaded fallback infrastructure.
What Network Engineers should note
- Confirmed DDoS activity – GGG’s infrastructure came under coordinated attack, resulting in the deployment of more aggressive filtering strategies.
- False positives during mitigation – Legitimate player traffic was affected due to tightened thresholds. The need for behaviour-aware traffic baselining is critical in such scenarios.
- Cross-regional traffic overflow – Pressure on European servers caused traffic spillover to other regions, underlining the importance of global load balancing and elastic scaling.
- Client-side vs server-side confusion – Game engine issues such as UI flickering occurred alongside network symptoms, illustrating how easily different failure modes can be conflated during high-impact events.
A measured and ongoing response
While the situation has caused frustration among Path of Exile’s dedicated player base, Grinding Gear Games has demonstrated a strong commitment to resolving the issues transparently and thoroughly. The company has communicated with the community frequently and taken immediate steps to diagnose and address the problems as they emerge.
This case is a good example of the complexity of protecting low-latency, real-time services from attack while maintaining high availability and performance. GGG’s focus on fixing root causes—alongside their willingness to acknowledge missteps—reflects a proactive and resilient approach to network defence.
As the studio works closely with service providers to refine its mitigation strategies, players and operators alike can expect improved stability in the weeks ahead.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com