An Update from the Anti Cheat Team
Security Clarification: Competitive Integrity and Recent IncidentsWe wanted to provide some additional details around two recent security-related situations that generated questions within the community. In both cases, our priority was to protect competitive integrity, ensure a secure environment, and act decisively to prevent abuse.Controller Hardware at the ALGS Year 5 ChampionshipDuring routine inspection ahead of the ALGS Year 5 Championship, a third-party controller was identified that included functionality not permitted in professional play. Testing revealed the presence of programmable inputs and wireless configuration features that posed both a competitive fairness concern and a potential risk to the secure LAN environment. Because these features could be modified externally through a phone based app and during live gameplay, the device was immediately removed from competition prior to the start of the event.Working directly with the League Operations team and following extensive testing, the device was later allowed back into use only after an unreleased firmware update fully removed all non-compliant functionality and disabled external connectivity. Even then, its use was permitted under strict monitoring for the remainder of the tournament. It’s important to note that consumer versions of this device remain non-compliant and should be used at users own risk at home. Server Stability Issues Caused by Player Name FormatSeparately, we investigated reports suggesting that Ranked matches were being DDoSed by a set of users using an extremely long name. This characterization was inaccurate and not, in fact, a DDoS attack. The issue stemmed from a validation edge case where excessively long player names could trigger a scripting error, resulting in a match disconnect under specific circumstances. While disruptive, this was not a network attack and did not involve external traffic or infrastructure abuse.The underlying issue has been addressed by tightening validation limits to ensure player names are safely handled in all gameplay scenarios. This fix prevents the behavior entirely and removes the ability for malicious actors to exploit name formatting to disrupt matches.We take both security and competitive fairness extremely seriously. These incidents reinforced the importance of proactive testing, rapid response, and clear enforcement of our rules and standards. We’ll continue auditing systems, validating hardware, and addressing edge cases to ensure Apex Legends remains fair, stable, and secure for all players—from Ranked matches to the highest levels of competition.
We wanted to provide some additional details around two recent security-related situations that generated questions within the community. In both cases, our priority was to protect competitive integrity, ensure a secure environment, and act decisively to prevent abuse.
Controller Hardware at the ALGS Year 5 ChampionshipDuring routine inspection ahead of the ALGS Year 5 Championship, a third-party controller was identified that included functionality not permitted in professional play. Testing revealed the presence of programmable inputs and wireless configuration features that posed both a competitive fairness concern and a potential risk to the secure LAN environment. Because these features could be modified externally through a phone based app and during live gameplay, the device was immediately removed from competition prior to the start of the event.
Working directly with the League Operations team and following extensive testing, the device was later allowed back into use only after an unreleased firmware update fully removed all non-compliant functionality and disabled external connectivity. Even then, its use was permitted under strict monitoring for the remainder of the tournament. It’s important to note that consumer versions of this device remain non-compliant and should be used at users own risk at home.
Server Stability Issues Caused by Player Name Format
Separately, we investigated reports suggesting that Ranked matches were being DDoSed by a set of users using an extremely long name. This characterization was inaccurate and not, in fact, a DDoS attack. The issue stemmed from a validation edge case where excessively long player names could trigger a scripting error, resulting in a match disconnect under specific circumstances. While disruptive, this was not a network attack and did not involve external traffic or infrastructure abuse.
The underlying issue has been addressed by tightening validation limits to ensure player names are safely handled in all gameplay scenarios. This fix prevents the behavior entirely and removes the ability for malicious actors to exploit name formatting to disrupt matches.
We take both security and competitive fairness extremely seriously. These incidents reinforced the importance of proactive testing, rapid response, and clear enforcement of our rules and standards. We’ll continue auditing systems, validating hardware, and addressing edge cases to ensure Apex Legends remains fair, stable, and secure for all players—from Ranked matches to the highest levels of competition.
