A major cyberattack affected hundreds of websites today, including the New York Times, Reddit, Twitter, Spotify, and eBay.
The attack actually centered on Dyn, a New Hampshire-based company that offers a platform to optimize websites’ online performance. This includes monitoring and controlling applications and infrastructure with data and analytics to reroute traffic and ensure end-users aren’t impacted by slow response times.
Dyn’s DNS service acts as a bridge between human-readable domain names and IP addresses that the internet is able to understand, and it was customers of this managed DNS service that were impacted. The distributed denial-of-service (DDoS) — an attack where the target is overwhelmed with a deluge of data to cause the network to crash — was felt mainly on the U.S. East Coast from around 11 a.m. UTC (5 a.m. ET), though Dyn reports that service was restored as of 13:20 UTC (07:20 a.m. ET).
DDoS attacks have seen a notable increase in recent times, with reports indicating a rise of 125 percent between 2015 and 2016. Game developer Blizzard has experienced a spate of DDoS attacks in recent months, causing widespread disruption for fans of World of Warcraft, Hearthstone: Heroes of Warcraft, and Overwatch.
Founded in 1998, Dyn claims that “eight of the top 10 internet services / retail companies in the Fortune 500” use its services, and it raised a chunky $50 million round earlier this year, taking its total funding to around $100 million.
Update as of 10:29 a.m. Pacific on Friday: A second round attack has hit Dyn, once again affecting a bunch of internet services.
Update as of 11:33 a.m. Pacific on Friday: Other services where users have reported being affected by this attack include the App Store, Pinterest, Box, PayPal, SoundCloud, Shopify, Intercom, Github, and Etsy. The U.S. Department of Homeland Security is looking into this event and told CBS News it is “investigating all potential causes”.