Cyber Incident Victim: Moonfruit
Date:
Dec 2015
Location:
United Kingdom
Summary
A web hosting service experienced a distributed denial-of-service (DDoS) attack, prompting proactive measures to take customer websites offline for up to 12 hours to implement infrastructure changes. The disruption caused significant operational and financial impacts for businesses relying on the platform, including lost client opportunities and reputational damage, particularly during a peak commercial period. Customers criticized the company for delayed communication regarding the outage, while the firm collaborated with law enforcement and emphasized expedited resolution efforts without disclosing further details about the attack's origin or demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 10, 2015, Moonfruit experienced a distributed denial of service (DDoS) attack that disrupted its web hosting services by overwhelming company systems with malicious traffic. This prevented legitimate users from accessing websites built through Moonfruit’s templated platform. Four days later, on December 14, the company preemptively took thousands of customer websites offline at 10:00 GMT, citing an undisclosed cyber-attack threat as the reason. Moonfruit announced the outage would last "up to 12 hours" to implement unspecified infrastructure changes aimed at mitigating future attacks. The decision followed consultations with law enforcement agencies, though the nature of the threat prompting the outage was not detailed in public statements. Customers received an email notification acknowledging the "short notice" but received no prior public updates about the impending disruption.
The unplanned downtime directly impacted businesses relying on Moonfruit-hosted sites during the critical pre-Christmas sales period. Film-maker Reece de Ville reported potential financial losses from clients being unable to access his site, emphasizing reputational risks if visitors assumed his business had ceased operations. Other affected customers included retailers selling seasonal items like Christmas cards and gifts. Moonfruit Director Matt Casey stated the company prioritized rapid infrastructure modifications, incurring significant time and expense, but did not specify the technical measures taken. Internal communication delays frustrated customers, who noted Moonfruit’s website provided minimal real-time updates during the incident. The BBC sought additional comments from Moonfruit, but no further technical details or attacker motivations were disclosed in the available public record.