Daily fantasy sports operator DraftKings has confirmed that it was subjected to a denial of service attack last month with its website flooded with three times the normal weight of requests for information. The attack lasted for circa 20 minutes it said.
In the wake of the DDoS, the company has been given permission by a Massachusetts federal judge to seek out the identities of those who launched the attack. According to DraftKings, the IP addresses of those involved in the attack were traced back to several service providers. The court order will allow them to subpoena those providers.
The attack came just days after the firm’s high profile launch of its new sports betting operation in New Jersey and only one month before the opening of the NFL season. However, it maintains that there is no evidence linking the DDoS to either of those events. It added that no confidential customer or company information was stolen during the attack.
DraftKings told SBC Americas: “We recently detected and immediately responded to a denial of service (DDoS) attack. No confidential customer or company information was compromised. However, DraftKings takes security very seriously. This filing is a necessary step to identify the responsible parties and hold them accountable for their actions.”
The biggest DDoS attack to date took place in February this year against GitHub, a popular online code management service used by millions of developers. At its peak, the attack saw incoming traffic at a rate of 1.3 terabytes per second (Tbps), sending packets at a rate of 126.9 million per second. Fortunately, GitHub was using a DDoS protection service, which limited the world’s largest DDoS to around 20 minutes.