Yesterday, Twitter, Facebook, LiveJournal, and Google’s Blogger were targeted by a person or persons unknown, in a denial-of-service attack (DDOS) that attempted to silence the voice of one individual. The target in question was a Georgian blogger who goes by the name of “Cyxymu” online, according to recent reports from CNET. While Google withstood the attack, the other services suffered. LiveJournal and Twitter went down completely and Facebook struggled throughout the day.
As we now roll into day two of the “great social media outage of 2009,” you may be surprised to learn that it’s not over yet. Although Facebook and LJ have recovered, Twitter is still having issues. Not only was the site down once again early this morning, Twitter developers using the API are complaining that the company is sending mixed messages by reporting that they’re “back up” – when in reality many Twitter applications are still unusable.
This morning, Twitter was once again taken down by the DDOS attack. According to Ken Godskind, Chief Strategy Officer for Alertsite, Twitter’s website availability was less than 100% in the midnight, 3, 4, and 5 am hours EST. As of 6 am EST, the site has again recovered. Unfortunately, many third-party Twitter applications are still affected.
Twitter Developers Want Communication, Too
“Why is Biz saying things are “back in action” when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues.”
Other developers quickly chimed in agreeing, noting that Twitter has yet to communicate the API status to developers, leaving them in the dark as to when their apps will work again. It seems that some developers have been experiencing issues with everything from oAuth sign-ins to timeouts to applications being completely down. Paul Kinlan, developer of the Twollo application, an app that helps you find followers with similar interests, even said that he had to refund a paying customer because of the situation. No doubt he is not alone.
While the developers are generally sympathetic to the situation and understand that fighting off the attack is priority number one, what they’re finding hard to deal with is the lack of communication. Throughout the attack, Twitter has updated their Status Blog with notes about the service itself, but nothing about the API. Developers are frustrated and unsure of how to address the situation with their users given that Twitter has not provided any official information to them either through the blog or their own Twitter account.
We know that Twitter’s architecture has made it more vulnerable to this type of attack than Google or even Facebook, but in situations like this, communication is key. Hopefully today Twitter will do one of two things: either (preferably) stabilize its service and API or (at the very least) let developers know the status.
Update: Looks like Twitter listened: http://status.twitter.com/post/157979213/restoring-api-and-sms.
Update 2: See also our coverage of Cyxymu, the apparent target for these attacks.