Cyberattacks targeting a little known internet infrastructure company, Dyn, disrupted access to dozens of websites on Friday, preventing some users from accessing PayPal, Twitter and Spotify.
Dyn, whose customers include some of the world’s most widely visited websites, said it did not know who was responsible for the outages that began in the Eastern United States, then spread to other parts of the country and overseas.
The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, the Wall Street Journal and Yelp.
Dyn said attacks were coming from tens of millions of internet-connected devices — such as webcams, printers and thermostats — infected with malicious software that turns them into “bots” that can be used in massive denial-of-service attacks.
The U.S. Department of Homeland Security last week issued a warning about this powerful new approach, noting it was concerned about the potential for new incidents after code for malware used in these crimes was published on the internet.
Dyn said late on Friday that it was fighting the third major wave of cyberattacks launched from locations spread across the globe, making them harder to fight.
“The complexity of the attacks is what’s making it very challenging for us,” said Dyn’s chief strategy officer, Kyle York.
Services have been restored to normal as of 13:20 UTC.
— Dyn (@Dyn) October 21, 2016