Major DDoS attack on Dyn DNS knocks Spotify, Twitter, Github, PayPal, and more offline

hacker fist

Update 5: At 6:18 P.M. Eastern Dyn said the DDoS attacks have been resolved. Fingers crossed another wave doesn’t occur, as happened earlier today. You can find Dyn’s incident report here.

Update 4: Dyn is being hit by a third wave of DDoS attacks Friday afternoon. The attacks are “well planned and executed, coming from tens of millions of IP addresses at the same time,” the company told CNBC.

Update 3: A heat map purportedly showing backbone internet provider Level 3’s East Coast outages was removed from this piece at 2:50 p.m. Eastern, as a Level 3 spokesperson says its network “was operating normally this morning, and [the company] did not see an East Coast outage.” See the informative Periscope from its CSO embedded below.

As of 3:45 P.M. Eastern, Dyn reports its engineers are still working to mitigate the issue.

Update 2: Dyn says it was hit with another DDoS attack at 11:52 A.M. Eastern. Currently, Twitter, Etsy, Spotify and the other sites affected by the earlier attack are offline from my location in the Northeast U.S. The outages have spread to other parts of the United States and apparently Europe at this point.

Update: Dyn says services were restored at 9:36 A.M. Eastern time, and I can now connect to the affected websites again—which indicates the two events were indeed related.

Every morning, I sit down at my PC with a cup of coffee, crank some tunes on Spotify, and scour r/techsupportgore for gnarly PC disaster pics to tweet out. Not this morning, because it appears a massive Distributed Denial of Service attack targeting DNS host Dyn has knocked a big chunk of the Internet offline Friday morning.

The Domain Name System (DNS) converts human-readable URLs (like “”) to their underlying numeric IP addresses. Dyn hasn’t confirmed that the outages and its DDoS attack are related, but given that these sites keep going down every time Dyn gets slammed, it seems highly likely.

Hacker News users report the following sites are down:

  • Twitter
  • Etsy
  • Github
  • Soundcloud
  • Spotify
  • Heroku
  • Pagerduty
  • Shopify
  • Intercom

Trying to connect to all of those sites indeed proved fruitless this morning. Zoho, SaneBox, and iHeart Radio also appear to be down on my end, in New Hampshire. Netflix, Slack, Imgur, HBO Now, PayPal, PlayStation Network, Yammer, Seamless, and many more services have also experienced interruptions today.

At roughly 7 A.M. Friday morning, Dyn posted the following status report:

“Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time.”

This afternoon, Dale Drew—the chief security officer for Level 3, a tier 1 Internetbackbone provider—broadcast an informative Periscope video explaining what exactly is going on here. He also says Dyn isn’t the sole victim. “We’re seeing the bad guy rotate through quite a few DNS providers, trying to add some instability to the Internet.” A portion of the attack originates from the gigantic Mirai “Internet of things” botnet, Drew says, which was recently used in a DDoS of unprecedented size. About 10 percent of the Mirai botnet nodes are active in this attack on Dyn, though those nodes aren’t the only ones targeting the DNS provider.

Check it out in the embedded tweet below… assuming Twitter is working for you.