East Coast residents and some international users woke up Friday morning to discover that many their favorite websites were unavailable.

The outage lasted from 7:10 to 9:20 a.m. Eastern, but another attack was reported later in the day, and Twitter and other sites were down again as of at least 2 p.m. Eastern, even for West Coast web users.

The problem was attributed to a distributed-denial-of-service-attack against Dynamic Network Services Inc., a low-key Domain Name Service hosting provider that does business under the name Dyn. Though it isn’t in the headlines as often as higher-profile rivals such as Akamai Technologies Inc., the company recently landed $50 million in funding and processes traffic for thousands of major websites.

Among the most notable services that affected by today’s attack are Twitter, Amazon.com, Reddit, Spotify and Etsy. The outage reportedly also affected several enterprise companies such Box Inc. along with a number of leading publications including The New York Times. And countless other smaller websites likely experienced availability issues, too, if the complaints on social media are any indication.

The massive scope of this incident highlights the threat that DDoS attacks pose to website operators, especially amid  the rapid proliferation of connected devices. Hackers are abusing poorly secured endpoints to direct record-breaking amounts of malicious traffic towards their targets. Just last month, Brian Krebs’ popular security blog was knocked offline by 620Gbps worth of junk requests that have since been tracked back to a botnet made up by routers, IP cameras and DVRs. 

This growing phenomenon is driving the companies that support the Internet’s core components to step up their security efforts. Akamai, for instance, last month acquired a Sunnyvale, California-based startup called Soha Systems Inc. that has developed a tool for regulating external access to corporate networks.

CloudFlare Inc. also recently launched an attack mitigation service for its content delivery network that lets website operators filter malicious traffic based on parameters such as the source of requests. Dyn will no doubt follow its peers’ example and take a closer look at its DDoS defenses in the wake of today’s attack.

Image via Level3 Outage Map