GitHub Hit With A DDoS Attack, Second In Two Days, And “Major Service Outage” [Update: GitHub Back Up, No Data Breached]
Services on code-sharing site GitHub have been disrupted for over an hour in what started as a “major service outage” because of a “brief DDoS attack.” This is the second DDoS attack in as many days and at least the third in the last several months: Yesterday, GitHub also reported a DDoS incident. And in October 2012, the service also went down due to malicious hackers.
Today, the distributed denial of service incident has affected the site for at least an hour, starting at 10.43AM GMT with a major service outage. GitHub noted that the cause was a “another brief DDoS attack” and that service should be returning to normal. At 11.11AM, the site reported that some systems were still being affected. “Access to downloadable source code archives and uploaded files is temporarily down. We’re working to restore it asap,” it noted.
There has been some debate over security at GitHub, with several people recently revealing the amount of sensitive information like passwords and private keys stored on publicly-accessible pages. On a code-sharing repository, this is not like blasting information as you might see in a display ad, but it’s the kind of information that can be found if you know how and where to look.
And the DDoS attacks against GitHub go back some way. In Feburary 2012, for example, the site revealed a sustained attack that lasted for nearly a week. “This attack is global, and has been very intense at times. Yesterday morning, for example, github.com suddenly received requests from 10,000 times the number of clients it had handled the minute before,” Jesse Newland wrote on GitHub’s blog. That only resulted in an hour of total downtime. He also wrote that GitHub was putting in place measures to better protect against DDoS attacks in the future — although clearly not eliminate them completely.
GitHub has had a lot of success in the last few years. With some 3 million developers using the site to post and share code; a recent $100 million round from Andreessen Horowitz; and other accolades, it exemplifies the wider trend of the rise of the enterprise startup — a status that likely also brings positive as negative attention.
Update: Three hours later, everything is back up and working normally. We have reached out to ask whether GitHub has any more information about the incidents.
Update 2: GitHub’s Brial Doll has responded to say there is no information to share about the DDoS incidents, but he says that there has been to data breach: “We don’t have additional information we can share about the origin of these incidents, but no data has been compromised during these or any previous DDoS incident.”
(H/T HackerNews)