Could this be the sign of a new data breach?

Sep 5, 2016 22:50 GMT  ·  By

Linode, one of the world's top providers of virtual private servers (VPS), battled over the weekend with a DDoS attack that targeted its Atlanta data center and that the company has described as "catastrophic."

The attack, aimed at the company's Atlanta data center, started on Saturday, September 3, around 21:00 UTC, and got the Linode team scrambling for answers.

Three and a half hours later, Linode engineers were informing customers that they experienced "a catastrophic DDoS attack which is being spread across hundreds of different IP addresses in rapid succession, making mitigation extremely difficult."

During all this time, connectivity to the service was down, affecting Linode customers such as Clojars, a repository of open source Clojure libraries that relies on the Linode infrastructure.

The attack started subsiding by Monday, September 5, around 21:30 UTC. The attack's start and end date were perfectly timed to fit the US Labor Day extended holiday weekend.

It's likely that attackers hoped to take advantage of the smaller number of Linode personnel on hand to respond to the attack in order to penetrate the company's network, or launch other secondary attacks harder to mitigate with fewer employees around.

This is not the first time Linode suffered a "catastrophic" DDoS attack that ended in a security breach. From Christmas 2015 to early January 2016, the company had to deal with a two-week-long DDoS attack, at the end of which customers reported unauthorized logins to their accounts. Linode reset account passwords after discovering the intrusions.