Meetup.com attacked by hacker extortionist
CEO won't pay $300 ransom demanded last Thursday
Meetup.com has been down intermittently since Thursday, following an attack by a hacker demanding $300 US.
The site provides tools that allow online groups with common interests to organize real-life gatherings. It has almost 16 million members in 142,000 groups in 196 countries, including Canada.
As of Monday, visitors to the site were still receiving a message that "Meetup is currently unavailable."
Due to a "prolonged" denial of service attack, the website and apps were suffering intermittent outages, the site said. Such attacks flood a site with traffic, making services unavailable to other users.
"We're working urgently to bring Meetup back and restore full functionality," the message added. "We appreciate your patience."
Scott Heiferman, the site's co-founder and CEO noted on the Meetup blog that the data of Meetup members and organizers remains secure despite the attack: "No data has been accessed or stolen."
He said the attack started last Thursday morning, when he received an email stating: "A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 US. Let me know if you are interested in my offer."
Meetup managed to restore service by Friday morning, but then the site was hit again Saturday and Sunday.
"While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead," Hieferman added late Sunday.
Reasons not to pay the ransom
He explained that Meetup chose not to pay the $300 ransom because it does not negotiate with criminals. He added that payment could make Meetup and other organizations targets for further extortion, and that the $300 may just be a trick to "see if we are the kind of target who would pay."
"The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated," he added.
Meetup staff tweeted Monday that authorities have been alerted about the illegal attack.
Glen Brauer organizes meetups in Vancouver and in 50 other cities through the Meetup site.
He said it's been frustrating to watch the hack take place – and realize how hard it is to trace.
"It just seems if anyone can create these denial of service attacks and get away with them, then I think they will be more prevalent in the future, whether or not there is extortion demands attached to them."