Infrastructure Historical

GitHub Suffers Largest DDoS Attack in History: 1.35 Tbps via Memcached Amplification

GitHub Engineering 28 February 2018 Indexed 16 Mar 2026

What happened

GitHub was hit by what was then the largest distributed denial-of-service attack on record, peaking at 1.35 Tbps. Attackers exploited publicly exposed Memcached servers, which amplify traffic by up to 51,000x. GitHub absorbed the attack with Akamai's Prolexic DDoS mitigation and was offline for only 10 minutes.[1]

GitHub website with DDoS attack traffic graph showing a massive spike — GitHub's traffic graph during the February 2018 attack — a 1.35 Tbps memcached amplification DDoS, the largest ever recorded at the time.Image: Bad.Technology archive

What went wrong

The attack exploited a design property of the Memcached protocol rather than a bug — UDP-based Memcached servers respond to spoofed source IP requests with massive amplified responses. Tens of thousands of internet-exposed Memcached servers provided the amplification infrastructure.[1]

Lesson learned

Stateless UDP services capable of significant amplification should never be exposed to the public internet. DDoS mitigation must be pre-integrated, not reactively arranged after an attack begins. The 10-minute recovery demonstrates how effective pre-arranged scrubbing can be.

Est. value burned ~$100M UPL: ~10M active developers × 0.33 hr × $65/hr × 0.5

Sources

[1]

GitHub Engineering Wikipedia
GitHub Suffers Largest DDoS Attack in History: 1.35 Tbps via Memcached Amplification Wayback Machine snapshot

External links can go dark — pages move, paywalls appear, domains expire. Every source above includes a Wayback Machine snapshot link as a fallback. All citations are best-effort research; if a source contradicts our summary, the primary source takes precedence.

What happened

What went wrong

Lesson learned

Sources

More in Infrastructure