PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Biggest DDoS Attack on Record Hits Github

The IT infrastructure that powered Wednesday's attack is ripe for abuse, security firms say.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

A new way to amplify distributed denial-of-service attacks ended up harassing Github on Wednesday. The ensuing DDoS attack generated a flood of internet traffic that peaked at 1.35 Terabits per second, making it the largest on record.

Fortunately, the software development site survived the disruption and was only down for few minutes, Github said on Thursday. Akamai, a DDoS protection provider, managed to fend off the assault.

The bad news? The Github attack may be an omen of things to come. The IT infrastructure that powered Wednesday's assault is apparently ripe for abuse. "It is highly likely that this record attack will not be the biggest for long," Akamai warned in a blog post.

DDoS attack Github

The last time the world saw a 1 Terabit DDoS attack was in 2016. The Mirai botnet, an army of infected computers, managed to bombarded a cloud provider in France with 1.1 Tbps in traffic.

Powering the attacks was how the Mirai botnet had infected tens of thousands of vulnerable IoT devices to generate the internet traffic. However, Wednesday's attack on Github was different. It didn't rely on any botnet. The assault actually leveraged what's known as a "memcache server," which is usually hooked up to a data center.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

As the name suggests, these servers are designed to cache data and speed up web applications and internet sites. However, that same technology can be used to amplify certain internet traffic by up to 51,000 times, according to Cloudflare, another DDoS protection provider.

This can be done when a memcache server spoofs the IP address of an actual website, like Github. The servers can then mistakenly send a flood of data to the victim website, overwhelming it with traffic and taking it offline.

Memcached Map

It doesn't help that many of the memcached servers are running on the open internet. Akamai has noticed over 50,000 vulnerable systems across the globe —making them potential assets hackers can use in DDoS attack schemes.

Last November, Chinese security researchers warned about the potential threat, which is now real. In the past week, both Cloudflare and Akamai have been noticing a wave attacks powered by the memcached servers, but the GitHub assault appears to be the largest so far.

To stop the abuse, DDoS providers like Cloudflare are urging the owners of memcached servers to firewall them or disable part of their functionality.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio