Case Study: CCP Games achieves DDoS protection and 99% credential‑stuffing bot blocking with Cloudflare

Cloudflare Security Solutions Help CCP Games Stop DDoS Attacks & Credential-Stuffing Bots

CCP Games, the Reykjavik-based studio behind the MMO EVE Online (300,000+ active players), faced persistent threats to uptime and player security: large-scale DDoS attacks that could slow or take down game servers, and credential‑stuffing bots that led to account takeovers and theft of high‑value digital assets and PII. Their complex infrastructure and prior mitigation efforts weren’t stopping sophisticated attackers, risking player transactions, trust, and business continuity.

CCP implemented Cloudflare Magic Transit (L3) and Spectrum (L4) to stop DDoS attacks and deployed Cloudflare Bot Management to detect and block credential‑stuffing bots. The combined solution stopped persistent attacks in real time, improved global performance and reliability (players even dropped VPNs), and blocked credential‑stuffing with ~99% accuracy—resulting in no successful credential‑stuffing incidents since deployment and negligible impact on legitimate logins (CAPTCHA resolution ~1.5%).

CCP Games

Nicholas Herring

Technical Director of Infrastructure