Meetup.com attacked by hacker extortionist

Meetup, a popular website for organizing real-life gatherings, has been down intermittently since Thursday, following an attack by a hacker demanding $300 US.

CEO won't pay $300 ransom demanded last Thursday

A screenshot taken Monday shows the message that visitors to Meetup.com have been receiving. (CBC)

Meetup.com has been down intermittently since Thursday, following an attack by a hacker demanding $300 US.

The site provides tools that allow online groups with common interests to organize real-life gatherings. It has almost 16 million members in 142,000 groups in 196 countries, including Canada.

As of Monday, visitors to the site were still receiving a message that "Meetup is currently unavailable."

Due to a "prolonged" denial of service attack, the website and apps were suffering intermittent outages, the site said. Such attacks flood a site with traffic, making services unavailable to other users.

"We're working urgently to bring Meetup back and restore full functionality," the message added. "We appreciate your patience."

Scott Heiferman, the site's co-founder and CEO noted on the Meetup blog that the data of Meetup members and organizers remains secure despite the attack: "No data has been accessed or stolen."

He said the attack started last Thursday morning, when he received an email stating: "A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 US. Let me know if you are interested in my offer."

Meetup managed to restore service by Friday morning, but then the site was hit again Saturday and Sunday.

"While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead," Hieferman added late Sunday.

Reasons not to pay the ransom

He explained that Meetup chose not to pay the $300 ransom because it does not negotiate with criminals. He added that payment could make Meetup and other organizations targets for further extortion, and that the $300 may just be a trick to "see if we are the kind of target who would pay."

"The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated," he added.

Meetup staff tweeted Monday that authorities have been alerted about the illegal attack.

Glen Brauer organizes meetups in Vancouver and in 50 other cities through the Meetup site.

He said it's been frustrating to watch the hack take place – and realize how hard it is to trace.

"It just seems if anyone can create these denial of service attacks and get away with them, then I think they will be more prevalent in the future, whether or not there is extortion demands attached to them."

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.