Meetup.com Down: Site Hacked, Held For Ransom

Meetup.com Held for Ransom

Meetup.com the social networking site for people looking for others with similar interests has been offline since Monday morning after it became the latest internet victim of a DDOS campaign. According to the website no credit card information or any personal details were accessed, but due to the fact that Meetup.com refuses to pay the $300 ransom it has remained offline.

Co-founder and CEO of Meetup, Scott Heiferman, stated on the sites official blog that this is the only attack that the social network has faced over the last decade, and said they will not pay the sum even though it is so small. Heiferman explained that they will not negotiate with the cyber attackers because they don’t work with criminals. He added that if they pay up then other criminals will launch DDOS attacks with the goal of getting money from similar organizations creating a dangerous precedent.

No doubt, this has been a tough weekend for Meetup. Since Thursday, we faced a massive attack on our servers — a DDoS attack, which is a barrage of traffic intended to make service unavailable. We’ve had many hours of downtime over several days, a first for us in 12 years of growing the world’s largest network of local community groups.

While the site was down, the Meetup community was not. There were over 60,000 Meetups during the outage period- people meeting up about what’s important in their lives- and saw an incredible outpouring of support.

Who does a DDoS on @Meetup? Do they hate kittens, too?

— May Contain Nuts (@mccannst) February 27, 2014

According to Heiferman it may take some time, but eventually the website will be able to get protection up so that it can come back online without any future disturbances. It has been going on and offline since early Thursday when the cyber attacks were first initiated. He added that the company spends millions on security every year.

A little background: We spend millions of dollars every year keeping the Meetup website and apps secure, stable, and reliable. At Meetup HQ we have an amazing team of systems experts who build and manage our secure data centers — they are on-call 24/7 and have been very successful at making Meetup reliable year after year.

Why the company chose not to pay:

1. We made a decision not to negotiate with criminals.
2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more.
3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.
4. We are confident we can protect Meetup from this aggressive attack, even if it will take time.

For the latest on the service outage, check this blog post.

On The Web:

http://www.reuters.com/article/2014/03/03/us-meetup-cyberattack-idUSBREA221TR20140303