Cyber Incident Victim: Match.com

Date:

May 2014

Location:

Canada

Summary

A dating website experienced a distributed denial-of-service (DDoS) attack lasting approximately five hours, disrupting access for around one million users by targeting both its primary site and mobile applications across multiple platforms. The attacker initiated contact prior to the incident, demanding $2,000 in Bitcoin to cease the 40 Gigabit-per-second attack, which exploited Network Time Protocol (NTP) amplification techniques to achieve its scale. This event followed a pattern of similar high-volume attacks against other online services, with the perpetrator using email demands and social media taunts to pressure victims into paying ransoms.

Description

On May 20, 2014, dating website Plenty of Fish experienced a distributed denial-of-service (DDoS) attack that disrupted services for approximately one million users over five hours. The attacker initiated contact at 6:45 AM Pacific Time with a warning about an impending attack, which commenced at 8:13 AM PT. Initial impacts included the takedown of Plenty of Fish’s primary website, followed by outages affecting its mobile applications across iOS and Android platforms. The assailant demanded a $2,000 Bitcoin payment to cease the attack, explicitly tying the ransom amount to the speed of payment in an email signed "dalem leinda" from [email protected]. This email correspondence followed a pattern observed in prior attacks against other companies, featuring direct extortion attempts and threats of prolonged disruption. Plenty of Fish engineers intermittently mitigated the attack throughout the morning before fully restoring services. The company confirmed no data breaches occurred, as the attack focused solely on overwhelming infrastructure rather than penetrating security systems.

The DDoS attack reached 40 Gigabits per second, significantly exceeding the 8 Gigabit-per-second assault that had incapacitated Meetup.com for five days in April 2014. Attackers amplified the attack’s intensity by exploiting Network Time Protocol (NTP) vulnerabilities, a technique increasingly employed in large-scale DDoS campaigns during this period. The incident mirrored contemporaneous attacks against technology companies including Moz, which received similar extortion emails from the same Gmail address days earlier, as evidenced by public Twitter alerts to the FBI. Other confirmed targets during this wave of attacks included TypePad, Basecamp, Vimeo, and Bit.ly, though ransom demands and operational impacts varied across organizations. Plenty of Fish’s restoration of full functionality marked the conclusion of the incident, with no further attacks reported following the mitigation efforts. The company did not disclose whether law enforcement agencies investigated the attack or whether the perpetrator’s identity was established.
