DDoS Attack June 2022: What Meister Users Need to Know

On Saturday 18 June, 2022 at 5 a.m., Meister was the target of a DDoS (Distributed Denial of Service) attack. Please read on for important information about what this means for you, and what steps Meister has taken both to mitigate the attack and to make sure there is no threat to you or your data.

This incident is now under control. No user data was affected. Please read on for a detailed description of the event and its effects.

In matters of security, our goal is to be as transparent as possible with our users. As part of this commitment, we would like to describe the nature of the recent attack and reassure users about the safety of their data while using the Meister Suite.

What is a DDoS Attack?

A Distributed Denial of Service attack is an attempt to disrupt the normal traffic and performance of a targeted server, service or network by overwhelming it with a flood of internet traffic. If you are interested, you can find out more about DDoS attacks via Cloudflare.

Often, cyber attackers use DDoS attacks to extract ransom money from affected companies: either to stop the attack or to reveal the vulnerability that made it possible. 

What Happened?

At 5 a.m. CET on Saturday 18 June, the attacker used a botnet to run a DDoS attack on a Meister login page. This resulted in an outage for the page, which affected all Meister products. 

Generally, our infrastructure is robust enough to withstand a large number of requests. However, on this specific page, every request created a record in a database. The flood of requests filled the database's memory, which brought down the page.

In addition to the login page, MeisterNote was also unavailable to users for a short period of time during the outage. However, the issue was resolved very quickly by our technical team.

Meister received a message from the attacker with the “offer” to stop the attack in exchange for payment. However, Meister Security Manager Stefan Kröner explains the dangers of interacting with cyber criminals.

It’s about precedent. We can’t accommodate criminality and encourage harmful actors to attack legitimate companies. It only encourages them to continue.

Stefan Kröner

What Steps Did Meister Take?

We used Cloudflare’s DDoS protection to prevent the attacker from reaching our servers. As a result, some legitimate users may have been blocked during the outage.

Following the attack, we also activated the Cloudflare protection page. These extra checks may result in slightly slower loading times on login pages.

We have also changed the login page so that it no longer has to write to the database.
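
As an added illustration (not Meister's code), the sketch below contrasts a login page that stores a row for every page view with one that issues a signed, self-expiring token and stores nothing. The page does not say what the record contained; the form token, `SECRET_KEY`, `TOKEN_TTL`, `pending_logins` and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # assumption: per-deployment server secret
TOKEN_TTL = 600                        # assumption: form token valid for 10 minutes

pending_logins = []                    # constructed stand-in for the database table


def render_login_stateful():
    """'Before': every page view stores a row, so a request flood fills the table."""
    token = secrets.token_hex(16)
    pending_logins.append({"token": token, "created": time.time()})
    return token


def _sign(ts, nonce):
    return hmac.new(SECRET_KEY, f"{ts}.{nonce}".encode(), hashlib.sha256).hexdigest()


def render_login_stateless(now=None):
    """'After': the token carries its own timestamp and MAC; nothing is stored."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}.{nonce}.{_sign(ts, nonce)}"


def verify_token(token, now=None):
    """Accept only tokens this server signed and that have not expired."""
    try:
        ts, nonce, mac = token.split(".")
        issued = int(ts)
    except ValueError:
        return False                   # wrong field count or non-numeric timestamp
    if not hmac.compare_digest(mac.encode(), _sign(ts, nonce).encode()):
        return False                   # forged or altered token
    now = time.time() if now is None else now
    return 0 <= now - issued <= TOKEN_TTL


def simulate(render, requests=1000):
    """Constructed load: count rows added to storage by `requests` page views."""
    before = len(pending_logins)
    for _ in range(requests):
        render()
    return len(pending_logins) - before
```

With the stateless variant, storage is only touched once a login form is actually submitted with valid credentials, so unauthenticated page views cannot grow the table.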

What Does This Mean for Meister Users?

Essentially, there is nothing for Meister users to be concerned about. 

The attack was dealt with swiftly and without consequence. No data was ever at risk or lost.

We rigorously and regularly check our systems so that we are well equipped to deal with any threats that emerge in future.

Meister would like to sincerely apologize for any inconvenience caused or any difficulty you might have experienced logging into your account during the affected time.

