UK-based bookmaker William Hill has been hit with a distributed denial of service (DDoS) attack, preventing many of its customers from being able to access its main website.
The company had, earlier this week, (November 1st) revealed on social media that its website was experiencing “a few technical issues”.
We apologise as our site is still down. We appreciate this isn't ideal but we're working hard on a fix. Thanks for your patience.
— William Hill Betting (@WillHillBet) November 1, 2016
Later, on Twitter, it followed up this message with a tweet saying that it had restored some of its services, adding that they “were still not at 100%”.
We apologise as our site is still down. We appreciate this isn't ideal but we're working hard on a fix. Thanks for your patience.
— William Hill Betting (@WillHillBet) November 1, 2016
Finally, a day later, it revealed what had been behind the incident: “You’ve probably heard about a significant increase in DDoS activity directed at a number of online companies recently, it looks like it’s our turn.
It's been a long night. We've got some services back but we're still not at 100%.
Thanks for patiently letting us get back on our feet.
— William Hill Betting (@WillHillBet) November 2, 2016
Talking to The Register, a spokesman for William Hill stated: “The online services of William Hill were intermittently impacted during the course of yesterday following distributed denial of service (DDoS) activity by third parties.”
We're calling it a day but we know it's not been our best. Techies will be working through the night & Live Chat will answer your queries pic.twitter.com/uXd51f6Z5P
— William Hill Help (@WillHillHelp) November 2, 2016
Explaining what a DDoS attack is, an image attached to several of their tweets read: “DDoS activity sends bogus traffic to a website to try and make it too busy to work properly. It’s a bit like sending thousands of people to one of our shops to block the doors and stop genuine customers from coming in”.
As of this morning (November 4th), the issue has yet to be resolved. Responding to queries from some of its customers, it said it “didn’t have a timescale” for resolving the problems. However, it did add that it is working to “have it fixed ASAP”.
William Hill is the latest company to have been targeted with a DDoS attack in recent months. Only last month, numerous websites, including Reddit, Etsy, Tumblr and Twitter were caught up in a major IoT DDoS attack.
Reporting on the event, ESET’s senior security researcher Stephen Cobb said: “We have been shown just how vulnerable the internet, which is now an integral part of the critical infrastructure of the US and many other countries, is to disruptive abuse conducted at scale, by persons whose identity is not immediately ascertainable.
“Until this vulnerability is addressed, it will cast a serious shadow over the future of connected technology, a future in which much hope and massive resources have already been invested.”
Considering the company’s H1 revenue of £814m, a 24-hour outage could have cost the publicly-listed company roughly £4.4m, although the true figure is likely to be less as the outage affected only its online services and did not strike during any notable sports events.