SAN FRANCISCO — Two successive waves of online attacks blocked multiple major websites Friday, at times making it impossible for users on the East Coast to access Twitter, Spotify, Netflix, Amazon, Tumblr and Reddit
The first attacks appear to have begun around 7:10 am Friday, then resolved towards 9:30 am, but then a fresh wave began.
The cause was a large-scale distributed denial of service attack (DDoS) against Internet performance company Dyn that blocked user access to many popular sites standstill.
Dyn reported the sites going down at around 11:10 a.m. UTC, or roughly 7:10 a.m. ET, posting on its website that it "began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure."
In an update posted at 8:45 a.m. ET, the company confirmed the attack, noting that "this attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue."
White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation" but that “at this point I don’t have any information about who may be responsible for this malicious activity.”
Amazon, whose web service AWS hosts many of the web's popular destinations including Netflix, also reported East Coast issues around the same time. In an update posted at 9:36 a.m. ET it said that it had "been resolved and the service is operating normally."
Amazon noted that it was suffering from a "hostname" issue and it was not immediately clear if it was related to the DDoS attack Dyn received.
Denial of service attacks are when someone, or a group of people, floods a particular site or service with large amounts of fake traffic in an attempt to overwhelm the system and take it offline. It was not immediately clear who initiated Friday's attack or why.
A post on Hacker News first identified the attack and named the sites that were affected. Several sites, including Spotify and GitHub, took to Twitter this morning to post status updates once the social network was back online.
Uh oh, we’re having some issues right now and investigating. We’ll keep you updated!— Spotify Status (@SpotifyStatus) October 21, 2016
The upstream DNS incident has been resolved. We continue to monitor our systems while they deliver a backlog of webhook events.— GitHub Status (@githubstatus) October 21, 2016
Twitter users similarly took to the service to keep lists of which sites were down and comment on the situation. The term DDoS quickly vaulted to among the top of the site's list of "Trending Topics" in the United States.Twitter users similarly took to the service to keep lists of which sites were down and comment on the situation. The term DDoS quickly vaulted to among the top of the site's list of "Trending Topics" in the United States.
Websites that went down b/c of this morning's DDoS attack include:— NUFF$AID (@nuffsaidNY) October 21, 2016
DDoS attack this morning takes out Reddit, Twitter & Spotify. Work productivity increases by 300%— Anubis8 (@Anubis8) October 21, 2016
"DDoS attack this morning takes out Reddit, Twitter & Spotify," wrote user @Anubis8. "Work productivity increases by 300%."
Anyone else having a whole lot of trouble with sites loading properly this morning? Paypal is down, Twitter was down, Netflix half loading.— Emmy Caitlin (@emmycaitlin) October 21, 2016
"Looks like Twitter is down again.....now 1 billion people won't know what I had for breakfast," commented Ben duPont.
Looks like Twitter is down again.....now 1 billion people won't know what I had for breakfast.— Ben duPont (@BenjaminduPont) October 21, 2016
Dyn and Amazon did not immediately respond to a request for comment.
Follow Eli Blumenthal on Twitter @eliblumenthal