Menu
Browse

Cyber Incident Victim: 123-Reg

Date:

Jan 2017

Location:

United Kingdom

Summary

The hosting provider 123-Reg experienced a distributed denial-of-service (DDoS) attack that disrupted customer email access and website functionality, prompting public acknowledgment via Twitter as engineers worked to mitigate the incident. Service was restored within hours after traffic rerouting efforts successfully resolved the attack, though this marked a recurrence following previous similar disruptions. The company apologized for inconveniences caused, having faced multiple high-volume DDoS incidents in prior years alongside an unrelated past infrastructure error that severely impacted business clients.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On January 6, 2017, UK-based web hosting provider 123-Reg experienced a distributed denial-of-service (DDoS) attack that disrupted customer services shortly after the new year. The attack began in the morning, prompting customer complaints on Twitter regarding inaccessible email accounts and hosted websites. 123-Reg confirmed via Twitter at approximately 11:30 AM GMT that a suspected DDoS attack was underway, stating their engineering team was assessing remediation options and potential impacts. Technical disruptions prevented some users from accessing email services or websites hosted through 123-Reg’s infrastructure, though the company did not disclose the exact number of affected customers or specific geographical regions impacted. By early afternoon, the engineering team successfully mitigated the attack through traffic rerouting and other countermeasures, restoring full services by 1:00 PM GMT—approximately two hours after initial detection. 123-Reg publicly apologized for the inconvenience but did not provide technical details regarding attack vectors, traffic volume, or perpetrator attribution. The swift resolution contrasted with longer outages during previous incidents, though the company’s Twitter updates remained the primary communication channel throughout the event.

Cyber Incident Image

This incident followed two earlier DDoS attacks against 123-Reg in 2016—one in August and another in October—both exceeding 30 gigabits per second in scale. The 2017 attack occurred less than three months after an unrelated November 2016 outage caused by human error during a virtual private server (VPS) network update, which left hundreds of business customers offline for extended periods. While the January 2017 DDoS attack’s duration was shorter than these prior events, it contributed to ongoing customer reliability concerns stemming from multiple operational disruptions within a six-month period. No data breaches or financial losses were linked to the January attack, though service interruptions impacted business operations for affected clients relying on 123-Reg’s email and web hosting platforms. The company’s incident response focused exclusively on technical mitigation without public discussion of future preventative measures or infrastructure changes.

Sources
Sources available to members
1 source