GitHub has revealed it was hit with what may be the largest-ever distributed denial of service (DDoS) attack. The first portion of the attack against the developer platform peaked at 1.35Tbps, and there was a second 400Gbps spike later. This would make it the biggest DDoS attack recorded so far. Until now, the biggest clocked in at around 1.1Tbps.
In a post on its engineering blog, the developer platform said that, on Feb. 28, GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to the DDoS attack. Github said that at no point “was the confidentiality or integrity of your data at risk.”
The DDoS attack featured an unusual way of amplifying its power, relying on UDP-based memcached traffic. Memcached is a tool meant to cache data and reduce strain on heavier data stores, like disk or databases. It is only intended to be used on systems that are not exposed to the internet, as there is no authentication required. However, there are currently more than 50,000 known vulnerable systems, according to Akamai.
Read more about the massive DDoS attack on Github, which shows that DDoS attackers have found a new way of magnifying their attacks, on ZDNet.