Meetup's website remained offline Monday, the victim of a massive DDoS attack, which began last week with an email asking the company's CEO to cough up $300 -- or else.
The social networking site and its mobile apps have been largely inactive since last Thursday, when the distributed denial-of-service attack began on its servers. At least several attacks have been launched at the site, causing many hours of downtime over several days, which the company says is its first such experience since it was founded 12 years ago.
[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Problems began when Meetup CEO Scott Heiferman received an email Thursday morning that said, "A competitor asked me to perform a DDoS attack on your website." The email said the attack could be stopped if $300 was paid, Heiferman said in a blog post Sunday night.
The company did not pay the $300, Heiferman said, because Meetup does not negotiate with criminals and because paying could make the site a target for further extortion demands.
The first attack began simultaneously when the company's servers were overwhelmed with traffic and services went down, he said. Meetup was able to restore service Friday morning, but it was not long before another attack disabled the site.
The company's landing page said Monday that Meetup is working urgently to restore functionality.
"You can count on Meetup to be stable and reliable soon," Heiferman said. But more outages could occur in the days ahead, he said.