Add Plenty of Fish to the list of technology companies whose websites have come under DDoS attacks from unknown cybercriminals in recent days. The company says that it was the victim of a five-hour attack today that affected approximately 1 million users. Initially, the attacks took down the Plenty of Fish website, then later the company’s mobile apps on iPhone, iPad and Android.
As per the usual M.O., the attacker first contacted the site to warn them of the impending DDoS at 6:45 AM PT, then the attack started at 8:13 AM PT where it continued for several hours, off and on. The company says it was only recently able to mitigate the flood, and is now fully up and running again.
The attack was 40 Gigabits in size, which makes it larger than the attack which took Meetup.com offline for nearly five days last month – that attack was “only” 8 GBps, the company had said at the time.
These DDoS attacks (distributed denial-of-service attacks) have become more powerful as of late, thanks to the way attackers are exploiting older internet protocols like Network Time Protocol, or NTP, to increase their size. That seems to be the case here, given the size of the attack that Plenty of Fish suffered.
Other companies that have been attacked more recently include TypePad, Basecamp, Vimeo, Bit.ly, and as of this past weekend, marketing analytics software provider Moz, to name just a few.
In Plenty of Fish’s case, the attacker demanded $2,000 to have them stop the attack.
Want to know if your company is about to have a bad day? Look for an email like this:
From: dalem leinda <firstname.lastname@example.org>
Date: Tue, May 20, 2014 at 12:09 PM
Subject: Re: DDoS attack, warning
If you feel ready to negotiate, I’m still here.
For something around $2k, I will stop the current attack and I will not resume further attacks. The amount depends on how quickly you can make the payment.