Australian-based online marketplace startup Envato has been the target of a sustained distributed denial of service (DDos) attack this month.
Envato, which has over four million users, has been intermittently offline across the last two weeks, including for three hours last Friday and one hour on Sunday.
The company released a statement on Monday about the attacks, saying they don’t know who is behind it.
“The attacker, whose motive and identity are unknown, has repeatedly flooded our servers with high levels of traffic, causing our services to be unavailable at various times,” software development manager John Viner says in the post.
StartupSmart attempted to contact Envato for comment but did not hear back before publication.
Envato is an online network of eight marketplaces where users can sell creative assets for web designers. The company’s largest site is ThemeForest, which was listed among the top 100 most popular websites in the world last year, according to Alexa.
The DDoS attacks seem to have begun at the start of this month and are still continuing, with some users reporting outages on Wednesday.
“This is the largest incident of this type Envato has experienced and although we’ve been able to successfully restore service each time, our response times could have been faster,” Viner says.
Envato reported in April the total payments made to their community had reached more than $250 million, meaning there must be a lot of money lost during these downtimes.
Envato was founded by Collis Ta’eed, Cyan Ta’eed and Jun Rung in 2006, and has been entirely bootstrapped since then. It now employs about 250 people, mostly in Melbourne.
Despite the multiple attacks, Envato says no personal or financial information has been breached.
“Please know that your data is safe and we are fully committed to mitigating the situation and minimising future unplanned downtime,” Viner says.
Envato says it is now working on a range of developments to prevent these attacks in the future, including a dedicated team to deal with the issue at all times, DDoS mitigation service providers, and fast-track planned technical upgrades.
“We’re now better placed than ever before to detect and deal with attacks of this nature,” Viner says.
“It’s hard to predict what we’ll come up against in the coming days and weeks and we thank you in advance for your patience and understanding.”