Skip to main content

The massive fanfic archive AO3 is back after a wave of DDoS attacks

The massive fanfic archive AO3 is back after a wave of DDoS attacks


Archive of Our Own experienced prolonged, intermittent outages as a cyberattack targeted its servers.

Share this story

Archive of Our Own logo
The group taking credit for the attack is threatening to keep the site down for weeks.
Illustration by Alex Castro / The Verge

The popular fanfiction platform Archive of Our Own (AO3) has been restored after a wave of distributed-denial-of-service (DDoS) attacks forced the website offline for over a day. AO3 first acknowledged the outage on the company’s official Twitter account on July 10th at 8.24AM ET, later confirming that the issue was caused by “a DDoS attack” — a malicious cybercrime in which threat actors overwhelm a server with traffic — “causing the servers to fall over.”

In an update on Tuesday afternoon, AO3 tweeted, “We’re back!” but noted that it “may need to do some work to optimize our shiny new Cloudflare setup.” When we tried going on the site ourselves, it took a little while to load, but we were able to access it.

A group claiming to be Anonymous Sudan has taken credit for the attack, and is demanding a ransom to stop the ongoing operation. The company said that because DDoS attacks don’t compromise private user data, there’s no need for users to change their password in response to the outage.

“All we can say at present is that we have not been directly contacted by anyone regarding the DDoS attack, so we have no confirmed reason of why the site is being targeted,” Claudia Rebaza, a spokesperson for the Organization for Transformative Works, the non-profit parent organization of AO3, tells The Verge. “We also currently have no timeline for the site being consistently back online. We expect things to slowly improve as our dedicated volunteer sysadmins continue to take measures against the attack.”

A group on the Telegram messaging service claiming to be ‘hacktivist’ organization Anonymous Sudan has taken credit for the attack. According to threat intelligence vendor Flashpoint, Anonymous Sudan has been active since January 2023, claiming responsibility for DDoS attacks against Microsoft and various companies around Europe, though it appears that the group has no credible affiliation with the country of Sudan or the previous Anonymous group that operated within it.

AO3 has warned that these claims should be taken with a pinch of salt. “A group presenting themselves as a collective of religiously and politically motivated hackers has claimed responsibility for the attack,” the platform tweeted on Monday. “Cybersecurity experts believe the group claiming responsibility is lying about their affiliation and reasons for attacking websites. View the group’s statements with skepticism.”

The Anonymous Sudan group initially claimed the attack would persist for up to 24 hours, but has since issued a ransom demand for $30k worth of Bitcoin, threatening to keep AO3 down for weeks if the company doesn’t comply. The Organization for Transformative Works (and its AO3 project) is entirely supported by user donations and run by volunteers, which means the company is unlikely to be able to afford such a ransom even if this threat is revealed to be genuine.

Update July 11, 2:04PM ET: Updated to add that AO3 is back online, and added a statement from a OTW spokesperson.