DDoS triggers massive Evernote outage

Note-taking service hamstrung by packet floods

serverskulls header
Credit: Jen Anderson

Evernote was offline for several hours on Tuesday, returning only intermittently for some customers, while the company struggled to deal with a Distributed Denial of Service (DDoS) attack.

The attack started at about 2:30 p.m. PST, around the time that users started to notice problems syncing with the Evernote service. Thirty minutes after the attack started, Evernote took to Twitter to explain the issue; followed by an update ninety minutes later to confirm the issue was in fact a DDoS attack.

Users were left frustrated as they were denied access to their data, and Evernote's status portal was impacted by the attack, leaving Twitter as the only means of public communication.

Last month, Evernote said that they service more than 100 million users - a majority of them in Asia and Europe. Tuesday's DDoS likely impacted all of them for a brief time, but there were reports on Twitter that some people were able to access their accounts despite the attack.

After four hours of continuous fighting, Evernote reported the issue resolved, but warned that there may be problems over the next 24-hours.

Tuesday's attack, the company said in a statement, didn't result in any data loss. As such, no account information was compromised.

In March of 2013, Evernote admitted that attackers had accessed user names, email addresses and encrypted passwords. In a blog post on the incident, the company said they were requiring password resets as a precaution.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.