Meetup, the social networking site that allows members to connect and meet offline to engage in a wide range of activities, had a rough weekend.
The trouble started Thursday morning when Meetup CEO Scott Heiferman received this email: "A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer."
Unfortunately, it wasn't an empty threat; "Simultaneously, the attack began, our servers were overwhelmed with traffic, and the site went down," Heiferman wrote in a blog post.
Since then, the site has been intermittently unavailable; service was restored for brief periods over the weekend, but each restoration was met with a subsequent bombardment of traffic, knocking the site back offline. Meetup was still working to restore service this morning.
In a blog post on the site, Heiferman outlined his reasons behind refusing to pay the paltry ransom fee, acknowledging that it's a "natural question I know many of you will ask."
"We chose not to pay because:
1.We made a decision not to negotiate with criminals.
2.The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay.We believe if we pay, the criminals would simply demand much more.
3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.
4. We are confident we can protect Meetup from this aggressive attack, even if it will take time."
The attack was the first in the site's 12-year history. Heiferman expressed confidence that eventually, the site would be able to protect itself from future attacks but warned "it's possible that we'll face outages in the days ahead."