Twitter, Spotify, Reddit, Soundcloud and several other sites have been affected by two web attacks.
All the firms are customers of a company called Dyn, which they use to help users find their sites online.
In quick succession on Friday, Dyn has been swamped during two attacks that have made the sites of its customers hard to reach.
It is not clear who is behind the data deluges or why Dyn has been hit.
In a statement on its website, Dyn posted information about the incidents and said it had been subjected to Distributed Denial of Service (DDoS) attacks.
These attempt to overwhelm servers by bombarding them with huge amounts of data.
The first DDoS attack started early on Friday morning in the US and mostly affected more in the east of the country. The initial impact of the attack made some sites harder to reach as queries sent to locate them took longer to process.
Reddit, Twitter, Etsy, Github, Soundcloud, Spotify and many others were all reported as being hard to reach by users throughout the attack, which lasted about two hours.
Access to sites such as Paypal, Pinterest and Tumblr, as well as some cable firms, was also reported as being intermittent.
In a message posted to Twitter, and widely shared, Github said a “global event” was affecting Dyn, which had made its site hard to reach.
A second attack started later on Friday, which Dyn said used the same tactics as the first. A similar list of Dyn customers became harder to visit as a result of the attack.
Soon after the second attack was reported, the US Department of Homeland Security said it was looking into “all possible causes” of the attacks on Dyn.
The incidents mark a change in tactics as DDoS attacks are more typically aimed at a single site. Dyn acts as a directory service for huge numbers of firms, which helps customers keep global address books up to date with the location of their domains.
Richard Meeus, from security company NSFocus, said the attack showed how critical domain directory services were to the running of the net and how that they had often been “neglected” security-wise.
“It is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on,” he said.