The podcast hosting platforms Buzzsprout are Spreaker are mostly back to normal, but they have told users that they were the targets of distributed denial-of-service (DDoS) attacks. Buzzsprout company said it initially thought it was having problems with one of its servers on Sunday, but soon realized it was under attack. A DDoS attack is when somebody spams a server with so many requests that it takes the entire site offline. In an email to users, Buzzsprout said it is as if a group of cars intentionally caused a traffic jam on a highway to stop traffic from reaching its destination.
Thanks to some quick work by Buzzsprout, its servers had fended-off the attack several hours later, but the company said Monday that it is still working to fix a few lingering issues, including processing episodes that use its Magic Mastering audio tools. In a Twitter post, Buzzspout said a “small number” of podcasts were getting errors while uploading episodes. It recommended to avoid the problem that podcasters instead upload the episode with just a title then go back and add the rest. It also suggested podcasters limit their use of the site through today to help its team focus on returning operations to normal.
“DDoS attacks aren’t uncommon, but this is the first time somebody has taken Buzzsprout offline like this in over 11years in business. The good news is that they can only take down the site. Your podcasts, data, and personal information have not been accessed or compromised,” the company said. Buzzspout said it had been contacted by the culprits demanding money. “The attacker has attempted to extort Buzzsprout to end the attack. Unfortunately, paying them any money isn’t an option because DDoS attackers often use any money you pay them to fund larger attacks,” it told users in an update. “This is obviously illegal, and we’ve contacted federal authorities with the information we have about the attacker to bring them to justice.”
On Monday morning, Spreaker issued a similar alert to its users. “A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources,” it said in a Twitter post. But late-morning it said the attack had been “mitigated” and that podcasts and personal data were not affected.