Evernote and Feedly both fell prey to distributed denial of service (DDoS) attacks this week. Feedly was contacted by cyber criminals seeking to extort money from the company in order to make the attacks stop.
The Feedly attack this morning occurred just one day after a similar attack briefly denied service to Evernote users. Although it is uncertain whether the two attacks were perpetrated by the same individuals, Feedly and Evernote often work closely together.
"We refused to give in and are working with our network providers to mitigate the attack as best as we can," Feedly says in a statement today.
Evernote's 100 million users were unable to synchronize data between devices after the attack started at around 2:30 p.m. PST Tuesday. However, the company was able to bring the service back online after a few hours despite the fact that the DDoS attack was still underway. The 12 million people who use Feedly lost access to the service at around 2 a.m. PST Wednesday. Feedly remained offline until the attack was finally neutralized at around 3 p.m.
DDoS attacks are caused by hundreds or even thousands of computers all sending large amounts of information to the target's servers, causing them to be overwhelmed and unable to respond to user requests. The computers used in the attack are often PCs that have been hijacked to create what is known as a botnet. With the increased speed and bandwidth of modern internet connections, the power of DDoS attacks also increases. The same number of computers can flood a server with more data than ever before.
Based on a report published in April by Verizon the average size of DDoS attacks more than doubled to 10.1 Gbps between 2011 and 2013. Attacks reaching 100 Gbps have become increasingly common, and an attack on Cloudflare in February exceeded 400 Gbps. Attacks of this size are made possible by botnets made containing a large number of servers, which are capable of sending out far more data than home computers.
Feedly says that it is working with other victims of the same group as well as local law enforcement to determine who was behind these attacks. DDoS attacks do not infiltrate the target servers, so neither Feedly nor Evernote had any data compromised.