Meetup Suffering Significant DDoS Attack, Taking It Offline For Days

Meetup has been suffering from a prolonged DDoS (denial of service) attack which has caused the service to experience intermittent outages across both web and mobile for several days. The site is currently down as of this morning, redirecting users to a message detailing the situation on the company’s official blog.

TechCrunch tipsters pointed to the outage late last week, and now Meetup confirms it’s been the victim of a “massive attack” on its servers since Thursday, resulting in the longest downtime the company has seen in the 12 years of operating its service for local groups. To provide a sense of the impact the downtime has had on its community, Meetup notes that over 60,000 Meetups took place during the outage (…so far).

According to an email message sent to Scott Heiferman, co-founder and CEO at Meetup, the attacker reached out to the company after the DDoS began, offering to stop if paid $300.

The email reads:

Date: Thu, Feb 27, 2014 at 10:26 AM
Subject: DDoS attack, warning

A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.

But the company chose to not go that route, even though the amount requested was, as Heiferman says, “ridiculously small” because Meetup has made the decision not to negotiate with criminals. He also believes that the sophisticated nature of the attack indicates these are not amateurs as the initial amount suggests, but rather more experienced criminals who would likely raise the number once they realized Meetup was a target that’s willing to pay.

Plus, added Heiferman, “we were confident we can protect Meetup from this aggressive attack, even if it will take time.”

The company was able to restore service by Friday morning, but while the changes that would have allowed users to again access Meetup were distributed across the internet, the company’s servers were hit again (on Saturday, 4 PM ET). And again, on Sunday (8:09 PM ET), another strong wave hit the site, taking it down for a third time.

Meetup is still working to make the service stable, and it’s keeping users posted on the outage on Facebook, Twitter and the company blog.

This is a significantly long outage, not just for Meetup, but for any company to endure, and is sure to impact the company’s bottom line. TechCrunch understands that Meetup may now be working with a third-party to help them get their service back online and better protected. (We’ve reached out to the company to confirm. UPDATE: Meetup confirms it’s now working with Cloudflare to help with the DDoS.)

Meetup was recently in the news for bringing on new investors through a secondary funding round (a shareholder to shareholder transaction), which included several well-known angels, including Twitter’s Evan Williams, Zappos’ Tony Hsieh (for the second time), and Behance’s Scott Belsky, for instance. The round didn’t raise money for Meetup, however, but allowed a dozen or so current and former employees to exercise their stock options.

The company today spends “millions of dollars every year,” to keep the Meetup website and apps stable and secure, the CEO says, but the nature of DDoS attacks are changing, he notes. CloudFlare had recently warned that the new techniques involved with some of these attacks would be the start of “ugly things to come.”