How Plarium Uses Intent-Based Detection to Block 20M+ Malicious Requests a Month
In the hypercompetitive gaming world, availability and smooth user experience are paramount. Plarium, a video game studio specializing in online multiplayer strategy games for social networks and mobile devices, has long been the target of credential stuffing attacks on its login pages. Thanks to DataDome, the security team distinguished malicious automation from legitimate bots, stabilized critical endpoints, and restored reliable campaign analytics by filtering more than 20M monthly malicious requests and neutralizing DDoS attacks, without creating friction for real players.
The challenge: Distinguishing the good bots from the bad ones
In online games, every traffic spike can put a strain on your infrastructure and your players’ patience. Plarium faced sustained credential stuffing attacks on its login endpoints over several weeks, generating L7 DDoS-like bursts that created latency and bottlenecks.
These AI-driven attacks reached millions of requests (22M malicious requests over a month), which could have jeopardized service availability and player trust if defenses were even slightly delayed. The team also had to avoid disruptive controls such as CAPTCHA, which can degrade the player experience during peak times.
“We experienced a lot of credential stuffing on our login mechanism, and we don’t want to block every bot, but only the malicious ones,” says Oren Zenescu, Chief Information Security Officer at Plarium. “That nuance is critical in gaming, where discoverability and SEO matter.”
For a studio operating at global scale, the risks were substantial. Login instability during high-velocity bursts could directly harm time-in-game and revenue. Imprecise controls risked blocking real users and generating churn. At the same time, the team also had to guard against downstream abuse patterns common in the industry, such as fake account creation.
In parallel, the marketing growth team needed clear attribution to steer the budget. Non-human ad traffic was mixing with paid campaigns on different channels, completely skewing performance metrics. As a result, spending and channel evaluation were nearly impossible.
“In marketing, it’s essential to distinguish legitimate player activity registering to play the game from malicious bots trying to overwhelm our campaigns,” explains Oren. “The return on investment is calculated based on human clicks, not automated ones.”
Indeed, poor allocation of marketing budgets can compromise strategic decisions, and noisy registration metrics can mask true patterns of player acquisition. Other bot mitigation vendors that Plarium evaluated focused only on network-layer anomalies, along with ad-hoc manual triage. But those approaches struggled at the user and application layers, as they couldn’t reliably separate legitimate automation from scripted spikes. As a result, the team either under-blocked and left the login unstable or risked over-blocking and harming discoverability.
The solution: Intent-based detection that evaluates every request
Plarium turned to DataDome for our detection accuracy and ability to assess behavior through our collection of both client- and server-side signals.
“Thanks to DataDome, we were able to quickly detect malicious automated bots and block them on our servers, preventing them from establishing a network connection with our backend,” explains Oren.
Of course, Oren’s team allows search engine bots to circulate. “DataDome allowed us to tell the good bots from the bad, and humans from bots, by understanding the intent behind each connection. We now know which sources are causing the repetitive DDoS, who is trying to guess passwords, and who is requesting an unreasonably high amount of traffic in a short period of time… That is a big win,” says Oren.
The results: Stable logins, secure accounts, & trustworthy analytics
Thanks to the partnership with DataDome, Plarium restored stability to its login endpoints without disruption, even during periods of traffic spikes. In one incident in particular, Plarium saw a sudden 35-fold increase in traffic. DataDome immediately identified the pattern, and the malicious traffic was stopped. It turned out that 99% of the traffic was from an automated attack. Throughout the incident, the connection remained available to genuine players, who didn’t experience any disruption thanks to DataDome.
“DataDome allowed us to respond very quickly and return to normal in record time,” says Oren.
Plarium’s response cycles have become faster, freeing the team from manual work during periods of high pressure. On the growth side, campaign analysis is now more reliable, and marketing budgets now reflect reality.
Oren is satisfied with his decision to choose DataDome. “To my peers, I say that if you want to get an accurate picture defined by many different algorithms, and not just ‘high traffic from a single IP source,’ then I highly recommend DataDome.”