Ancestry servers have been hit by a distributed denial-of-service (DDoS) attack that started on Monday, putting on hold the research of the website visitors and the users of the applications relying on the services.The company announced that Ancestry websites are still not 100% functional and that some services still need to be restored completely.
Among the affected websites is FindAGrave.com, that offers access to 116 million grave records and was acquired by Ancestry.com in September 2013.
The cause of the attack and who’s behind it remains unknown, as well as why these targets have been set, but the number of users affected is significant, considering that in December 2013 the company had 2.14 million paying subscribers, according to Wikipedia.
Since the attack, the services of the company have been accessible intermittently, creating frustration among users, especially those working with Family Tree Maker, where synchronization of the data still does not work properly. The suggestion in this case is to switch to offline mode until the issue is solved.
Some of the customers demand the company to acknowledge the impact on the subscribers and extend their membership with a few days.
“I'm now into a third day without Ancestry.com, FindaGrave, RootsWeb and most USGenWeb service (all on Ancestry.com servers). I'm certainly not 'demanding a credit', but I will consider it extremely rude if Ancestry.com doesn't extend our memberships a few days. This may be a nightmare for their Information Systems department (my personal background), but they need to somehow acknowledge the impact on their clients,” wrote Kimball G. Everingham on Facebook in reply to an Ancestry post.
The company announced that at the moment access to MyCanvas.com and FindAGrave.com should be restored. Also, a new database has been added, allowing customers to search the Nevada marriage records from 1862-1993.
The purpose of a DDoS attack is to disable the services of the target by sending irrelevant information to their servers. These incidents sometimes mask other nefarious activities, such as information stealing, which is not the case with Ancestry.
“Your data was not compromised by this attack. This attack overloaded our servers with massive amounts of traffic but did not impact or access the data within those servers. No data was impacted in any way,” said Scott Sorensen, Chief Technology Officer at Ancestry.com.
A similar incident affected Feedly last week, when the service had to deal with no less than three consecutive DDoS waves.
Marc Gaffan, co-founder and chief business officer of Incapsula, told Softpedia that this sort of attacks may be a preliminary test before the real targets get hit.