Cyber attacks targeting a little known internet infrastructure company, Dyn, disrupted access to dozens of websites on Friday, preventing some users from accessing PayPal, Twitter and Spotify.
It was not immediately clear who was responsible for the outages that began in the Eastern United States, and then spread to other parts of the country and Western Europe.
The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, the Wall Street Journal and Yelp.
U.S. officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau of Investigation were investigating.
The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.
Homeland Security last week issued a warning about a powerful new approach for blocking access to websites – hackers infecting routers, printers, smart TVs and other connected devices with malware that turns them into “bot” armies that overwhelm website servers in distributed denial of service attacks.
Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions.
Dyn initially said the outage was limited to the Eastern United States. Amazon later reported that the issue was affecting users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening.
PayPal Holdings Inc said that the outage prevented some customers in “certain regions” from making payments. It apologized to customers for the inconvenience and said that its networks had not been hacked.
In addition to the social network Twitter and music-streamer Spotify, the discussion site Reddit, hospitality booking service Airbnb and the Verge news site were among companies whose services were disrupted on Friday.
Amazon.com Inc’s web services division, one of the world’s biggest cloud computing companies, also reported a related outage, which it said was resolved early Friday afternoon.
Dyn is a Manchester, New Hampshire-based provider of services for managing domain name servers (DNS), which act as switchboards connecting internet traffic. Requests to access sites are transmitted through DNS servers that direct them to computers that host websites.
Its customers include some of the world’s biggest corporations and Internet firms, such as Pfizer, Visa, Netflix and Twitter, SoundCloud and BT.
Dyn said it was still trying to determine how the attack led to the outage but that its first priority was restoring service.
Attacking a large DNS provider can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic. (Reporting by Jim Finkle in Boston and Dustin Volz in Washington, additional reporting by Eric Auchard in Frankurt, Joseph Menn in San Francisco and Malathi Nayak in New York, Jeff Mason and Mark Hosenball in Washington, Adrian Croft and Frances Kerry in London; Editing by Bill Trott and Lisa Shumaker)