Follow-up on Loss of API Access During DDOS Attack


#1

Greetings Developers!

Many of you have heard of the DDOS attack on network providers, and how it impacted Blizzard services.

During our remediation efforts, some innocent services were inadvertently prevented from connecting to our APIs. In true Blizzard fashion, we continued to improve our efforts to not impact legitimate consumers of our APIs, and we’re constantly working to improve the process, in conjunction with our many vendors and partners.

As always, for the latest information about our services, please check out our Blizzard CS Twitter accounts:

US CS: https://twitter.com/BlizzardCS
EU (EN) CS: https://twitter.com/BlizzardCSEU_EN
EU (RU): https://twitter.com/BlizzardCSEU_RU
EU (DE): https://twitter.com/BlizzardCSEU_DE
EU (FR): https://twitter.com/BlizzardCSEU_FR
EU (ES): https://twitter.com/BlizzardCSEU_ES
Latin America (ES): https://twitter.com/BlizzardCS_ES
Latin America (PT): https://twitter.com/BlizzardCS_PT


#2

We understand that you were under a DDOS, and that sometimes in haste, one grabs at straws and breaks other things when searching for relief. We get that, and we don’t blame you.

Where I place blame is, again, in your complete inability to communicate during outages. We’re not merely customers of your games in here. We’re your partners, helping to support your player base with the tools we build with your API. We’re fellow developers and we understand a little bit better when the technology goes awry. So keep us in the loop.

This post is a day late and a dollar short. It reeks of being approved by a committee. You use the passive voice when you break something (“services were inadvertently prevented from connecting”) and the active voice when you fix something (“we continued to improve our efforts to not impact legitimate consumers”). Way to own it, folks.

Your follow-up post offers no apology and accepts no responsibility. In the abstract, it does not even acknowledge that you were radio silent for 2 weeks regarding the outage. More concretely, it does not offer us any information on whether the network blocks to your API are currently removed, whether they may return during another DDOS, or what we should tell your customers when they cannot use services we provide with your API. You have not restored my trust that my sites can reliably access your services.

Please address these concerns. Are there any networks which remain blocked from the API which could access it before the DDOS? Do you plan to block VPS providers during a future DDOS attack? Will the API servers continue to be subject to DDOS mitigation actions when the game servers are under attack?

Thank you for your response.