DDoS takes Atlassian offline

Customers of Sydney-based software start-up Atlassian were unable to connect to their SaaS-delivered services this morning due to a distributed denial-of-service attack.

At 10am this morning, customers reported network timeouts to engineers at Atlassian’s St Louis-based hosting partner, Contegix.

An hour later, Atlassian apologised to customers on its Twitter feed.

“Apologies for the current outage.. we are experiencing some technical difficulties at our data centre,” Atlassian staff tweeted.

Just before 3.40pm, the company revealed that the attack was levelled at its distributed code hosting service, Bitbucket.

It described denial of service attacks as a "rite of passage for any popular service", explaining that existing defences allowed Atlassian and its providers to "quickly reduce the impact and time of the attack".

"Today, Atlassian's distributed code hosting service Bitbucket was subject to a distributed denial of service attack, taking down Bitbucket for almost an hour, with some impact on other Atlassian services and websites," the company stated.

"Atlassian's datacentre and network providers have blocked the attack and mitigated the impact to its customers. At the time of writing almost all Bitbucket customers are returned to full service, and efforts are continuing to restore full service for remaining customers."

Atlassian customers include Deutche Bank, NBN Co, Microsoft, Adobe, Cochlear, BMW, HSBC, Suncorp, Boeing, the BBC, Telstra, News Interactive and Australia's Department of Broadband (DBCDE).

Contegix confirmed at 11:30am that one of its customers had been targeted in a denial of service attack, which took out one provider and provided “some intermittent network performance issues for other customers.”

The company did not identify any particular customer as the target of the attack.

The attack resumed 15 minutes later. Contegix said the problem was isolated to the attack target by 11:40am and said it was working with upstream providers to block the DDoS traffic.

All Atlassian sites beyond its home page remained offline until around 12:45pm.

The company referred customers to the Contegix status page for service updates.

Atlassian was also attacked in mid-2010, exposing customer data.

Updated at 4.10pm to include Atlassian's comments about Bitbucket.