Cyber Incident Victim: Feedly
Date:
Jun 2014
Location:
United States of America
Summary
Feedly experienced a distributed denial of service attack that disrupted access for its user base, with attackers demanding ransom to cease the assault. The service refused the extortion, collaborating with network providers and law enforcement to mitigate the attack while assuring users their data remained secure. Concurrently, other cloud-based services faced similar DDoS incidents, reflecting broader trends of increasingly powerful attacks leveraging server botnets and amplification techniques.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 11, 2014, news aggregator service Feedly experienced a distributed denial of service (DDoS) attack that disrupted access for its approximately 12 million users. The attack began in the early morning hours Pacific Time, with Feedly's official status update at 2:04am PST confirming the criminal extortion attempt. Attackers demanded payment to cease the assault, which overwhelmed Feedly's infrastructure and rendered most or all users unable to access the service. Company officials publicly refused the ransom demands while coordinating mitigation efforts with network providers. Partial service restoration occurred gradually within hours of the initial outage, though full recovery timelines weren't specified. Feedly maintained throughout the incident that no user data was compromised, emphasizing that accessibility issues stemmed solely from the network congestion caused by the attack. The organization collaborated with other victims targeted by the same attacker group and engaged law enforcement agencies in their response.
The Feedly disruption occurred amid a series of DDoS attacks against cloud-based services that week. Evernote reported similar connectivity issues from DDoS attacks on June 10, with service restored by the time of Feedly's incident. Music streaming service Deezer had also been targeted in a separate DDoS attack over the preceding weekend. These incidents reflected broader trends in DDoS escalation documented in contemporary cybersecurity reports, with average attack bandwidth more than doubling from 4.7Gbps in 2011 to 10.1Gbps in 2013. The Verizon Data Breach Investigations Report noted attacks exceeding 100Gbps had become commonplace, with some reaching 400Gbps through exploitation of high-capacity server botnets rather than traditional PC networks. Attackers leveraged automated exploit kits and amplification techniques abusing network time protocol and vulnerable DNS servers to intensify these assaults. Feedly's public communications focused exclusively on restoration efforts and refusal to negotiate with attackers, without disclosing specific technical countermeasures beyond provider collaboration.