Cyber attacks targeting a little known internet infrastructure company, Dyn, disrupted access to dozens of websites on Friday, preventing some users from accessing major sites including Twitter, Paypal, Netflix and Spotify in parts of the U.S. and Europe.
The U.S.-based DNS provider Dyn said its engineers "continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure."
Dyn told CNBC a third wave of attacks was underway following a day of disruptions that began at 1110 GMT.
It was not immediately clear who was responsible for the outages that began in the Eastern United States, and then spread to other parts of the country and Western Europe. The FBI said it is investigating the cause of the multiple cyber attacks.
The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, the Wall Street Journal and Yelp.
U.S. officials told Reuters that the U.S. Department of Homeland Security was also investigating.
The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.
Homeland Security last week issued a warning about a powerful new approach for blocking access to websites - hackers infecting routers, printers, smart TVs and other connected devices with malware that turns them into "bot" armies that overwhelm website servers in distributed denial of service attacks.
Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions.
Dyn initially said the outage was limited to the Eastern United States. Amazon later reported that the issue was affecting users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening.
PayPal Holdings Inc said that the outage prevented some customers in "certain regions" from making payments. It apologized to customers for the inconvenience and said that its networks had not been hacked.
In addition to the social network Twitter and music-streamer Spotify, the discussion site Reddit, hospitality booking service Airbnb and the Verge news site were among companies whose services were disrupted on Friday.
Amazon.com Inc's web services division, one of the world's biggest cloud computing companies, also reported a related outage, which it said was resolved early Friday afternoon.
Dyn is a Manchester, New Hampshire-based provider of services for managing domain name servers (DNS), which act as switchboards connecting internet traffic. Requests to access sites are transmitted through DNS servers that direct them to computers that host websites.
Its customers include some of the world's biggest corporations and Internet firms, such as Pfizer, Visa, Netflix and Twitter, SoundCloud and BT.
Dyn said it was still trying to determine how the attack led to the outage but that its first priority was restoring service.
Attacking a large DNS provider can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.