Starting early this morning, HootSuite users began noticing an inability to access their HootSuite dashboard. At 6:40am PST, HootSuite developers began working on the issue and started tracking and reporting on the issue online.
While scheduled messages and RSS feeds were unaffected, it was clear that most users were unable to access the dashboard and therefore unable to send new status updates or monitor accounts.
Within a couple of hours, HootSuite acknowledged that their servers were experiencing an attack. At 9:53am PST, HootSuite reported, “We’re currently mitigating a possible attack on our servers. Users may be experiencing problems with Dashboard and Mobile App functionality. Our Development team are actively working to restore full functionality and we will keep you up to date as we progress.”
Over the next hour, HootSuite’s development team made progress in mitigating the attack and service has been stabilized and restored for most users. As of this writing, the HootSuite dashboard appears to be available, and it is noted that HootSuite’s team continues to work the issue.
According to HootSuite, at no time was there any breach of data or threat to user accounts or information. HootSuite CEO Ryan Holmes said, “The security of our customers’ information is our highest priority. It was not put at risk today.”
A Denial of Service Attack (DOS) is when one or more computers are used to access a site or service simultaneously, in an attempt to overwhelm the site or service and force the server hosting the platform to become unresponsive. A DOS attack is typically mitigated by blocking the various IP addresses being used to access the service, preventing them from using vital resources. It takes time to resolve because once the attack is reported, it’s already in progress and the server is likely already suffering or has even crashed. If you can imagine a time when you’ve been using your own computer and it’s been slow because it is working too hard to run a bunch of applications, and then recall what happens as you continue to ask the computer to do things. With each new mouseclick and request, the computer just gets slower and slower, even if you’re closing programs that are causing the issue to begin with. It takes time to recover and restore services.
We will continue to keep an eye on this issue and HootSuite’s updates, and will update this post if there are any new developments.
UPDATE: As of 4:00pm PST Thursday, HootSuite had the following update: “Service has been restored. No customer data was compromised. HootSuite Engineering and Security teams are working with hosting providers to mitigate the impact of any future attacks.” HootSuite’s CEO has also sent a message to all HootSuite users and posted a brief blog post that provided a summary of the event.
