I used to be a front-end web developer and hosted about a hundred websites on my own server. That being said, I wanted to explain what little bit I've learned about the phenomenon. I am by no means an expert though.
A DOS attack CAN crash a server completely, but most of the time it doesn't. It studders the server more than anything. Makes it crawl...
A simple way to cause a DOS, constantly try to login with the wrong password over and over. This taps the server spiking server resources each time. A single person doing this wouldn't be enough to cause this kind of strain on the server. Unless, they wrote a program to do this with multiple VPS instances on their PC.
Fixing a DOS is NOT easy. You need to know where it is coming from. Services like a VPN or Tor mask where it is coming from. Most CACHE services like Cloudflare have most malicious IP's already blocked. I'm sure Bungie is using a service like this. This means the DOS attacks are most likely new, and most likely caused by multiple people using multiple VPS instances on a Server.
Sometimes, accidentally a DOS can happen. A site like Light.gg could have a bug in their code that continuously taps Bungie API(thousands of requests per 0.1 seconds). Although, if this were the case, Bungie would be able to identify it quickly and do something about it, like: cut them off, or contact them and ask that they fix it.
Odds are this is a coordinated attack by people who are pissed at Bungie about something, or a direct attack by competitor(which Bungie has none) to get you to give up and play their game instead. Or maybe a player hired a malicious company to do it for them.
DOS is more complicated that I have explained here. There are alot more variables involved. I'm just trying to keep it simple.
BTW, banning VPN's is not the answer either. A VPN IP is not always identifiable. In addition, the ones that are identifiable, you could end up blocking innocent players(hundreds, if not thousands). Not to mention the person can just move IP's and continue the attack.
In other words, fixing DOS are hard, unless its one person not on a VPN and using their real IP.
EDIT: I think the most likely scenario is that someone or persons hired a nefarious group on the dark web during the funny weapons glitch to stop people from being able to play during this time. However, the attacks didn't start until AFTER the glitch was patched because payment and setup take a little time to do. If this is true, then the person(s) wasted their money. Bottom-line: someone threw a hissy fit...
EDIT: some are saying Bungie should have DDOS protection. I would say I'm pretty sure they do. It comes standard with just about all web services nowadays. DOS protection is not 100% effective, just like condoms.
I would believe an attack like this could happen, given the right circumstances, yet what i have an Issue with, is bungie came out and explained the issue, and made sure to deflect from "Its not because of our patch/Update"
This is Sus, when the servers go super nova, they dont explain squat, but now they are so open?
I believe some one in the Programing department messed up, and its entirely on Bungie. Instead of Admitting Fault, they blame DDOS. The timing makes no sense.