The DDoS attack between August 11 and August 18, 2020 was the longest-lasting and most sophisticated our company has endured. In this post, we will recap the incident and explain the steps we're taking in response. However, we want to start by apologizing for the disruption this event has caused for many of our customers. When you picked Kinsta as your hosting provider, your decision was an indication of the trust you were placing in us. We don't take that trust for granted, and we understand that this incident may have shaken your trust in us.
Between August 11 and August 18, 2020, we experienced an intermittent and evolving DDoS attack directed against our infrastructure in the London (UK) data center.
The initial attack was a standard DDoS attack which attempted to overwhelm our infrastructure with cache-bypassing requests. We were able to mitigate that activity comparatively quickly with minimal impact to our customers.
On August 13, the attack shifted to an evolving series of sophisticated strategies. Repeatedly, our Engineering team analyzed the attack and deployed mitigating measures. However, it became apparent that the attacker was monitoring the effectiveness of their efforts, and as we mitigated one aspect of the attack, the attack strategy would change.
As time went by, our mitigation efforts were increasingly successful. Toward the conclusion of this incident, our mitigation efforts were able to largely mute the impact of the DDoS attack. For example, between August 17 and 18, we detected many hours of DDoS activity. However, due to our mitigation efforts, during approximately 75% of that time our customers were unaffected by the attack. In addition, the DDoS activity resumed on August 24, and our Engineering team was able to mitigate that attack without significant impact to customer sites.
This incident has highlighted the need for two significant changes.
The first change is the creation of a specialized team with responsibility for security within our Engineering team. In the past, security has been the responsibility of our entire Engineering team. While our entire Engineering team will continue to have responsibility for monitoring and responding to security events, we've also made the decision to dedicate multiple full-time specialized personnel to that effort. This will result in deeper expertise, clearer assignment of responsibility, and a more effective response the next time we face a similar incident.
The second change we're making is the development of a Crisis Communication Workflow. During the course of this incident, it became clear to us that we were not communicating frequently enough or providing sufficient information to our customers. Our intentions in this regard were good. In the past, when dealing with short-lived incidents, providing details after an event had been fully resolved has allowed our team to focus on solving the problem. When our team is fully focused on solving the problem, the problem gets solved faster. However, what became clear to us is that this approach is not appropriate for long-lasting incidents, such as this DDoS event. During long-lasting events, it's critical that you, our customers, hear from us much more regularly and that you receive more detailed information. Toward that end, we have created a new Crisis Communication Workflow that will get information out to our customers much faster during long-lasting incidents in the future.
Kinsta exists to serve our customers. We've been blown away by the patience, kindness, and understanding our customers have shown us during this incident. We are committed to learning and growing as a team with the aim of living up to the trust you continue to place in us.