Attack on web provider disrupts some sites located on U.S. East Coast

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-security conference in Las Vegas, Nevada,

By Jim Finkle and Dustin Volz

(Reuters) – Service of some major internet sites was disrupted for several hours on Friday morning as internet infrastructure provider Dyn said it was hit by a cyber attack that disrupted traffic mainly on the U.S. East Coast.

Social network Twitter &, music-streamer Spotify, discussion site Reddit and The Verge news site were among the companies whose services were reported to be down on Friday morning.

Amazon.com Inc’s web services division, one of the world’s biggest cloud computing companies, also disclosed an outage that lasted several hours on Friday morning. Amazon could not immediately be reached for comment.

It was unclear who was responsible for the Dyn attack, which the company said disrupted operations for about two hours.

It is the latest in an increasingly menacing string of “denial of service” attacks disrupting internet sites by overwhelming servers with web traffic. The U.S. Department of Homeland Security warned on Oct. 14 that hackers were infecting routers, printers, smart TVs and other connected devices to build powerful armies of “bots” that can shut down websites.

Doug Madory, director of internet analysis at Dyn, told Reuters he was not sure if the outages at Dyn and Amazon were connected.

“We provide service to Amazon but theirs is a complex network so it is hard to be definitive about causality at the moment,” he said.

Salesforce.com Inc’s  Heroku cloud-computing service platform, which runs on Amazon Web Services, disclosed a service outage that it said was related to a denial of service attack “against one of our DNS providers.”

Dyn said it was still trying to determine how the attack led to the outage.

“Our first priority over the last couple of hours has been our customers and restoring their performance,” Dyn Executive Vice President Scott Hilton said in a statement.

He said the problem was resolved at about 9:20 a.m. EDT (1320 GMT). It earlier reported its engineers were working to respond to an “attack” that mainly affected users on the East Coast.

An FBI representative said she had no immediate comment.

Dyn is a Manchester, New Hampshire-based provider of services for managing domain name servers (DNS), which act as switchboards connecting internet traffic. Requests to access sites are transmitted through DNS servers that direct them to computers that host websites.

Dyn’s customers include some of the world’s biggest corporations and Internet firms, such as Pfizer, Visa, Netflix and Twitter, SoundCloud and BT.

Attacking a large DNS provider can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.

(Reporting By Jim Finkle in Boston and Dustin Volz in Washington; Additional reporting by Eric Auchard in Frankurt and Malathi Nayak in New York; Editing by Bill Trott)

Amazon forces some to change passwords after potential compromise

Some Amazon account holders were required to change their passwords this week after the online retailer found that the information could have been compromised.

Technology website ZDNet first reported the news Tuesday, noting Amazon wrote in an email addressed to affected users that there was “no reason” to believe the information had been leaked.

ZDNet reported the email said Amazon forced the password change as a purely precautionary measure after learning that the passwords might have been improperly stored or transmitted, which could have allowed a third party to access it.

It’s not clear how many people were asked to reset their passwords and Amazon corrected the issue.

The company has recently taken steps to improve cyber security.

Last week, it began allowing customers to require two-factor authentication to access their account. That requires users to not only successfully enter their password to log in to the website, but also a second group of characters that is typically sent to a user’s mobile phone.