
Last Week’s Downtime: What Happened and What We’re Doing About It

On August 12th, 2021, Pingboard experienced an extended period of downtime and performance issues. We apologize–we know our customers rely on Pingboard and were disappointed by the interruption. One of our key values at Pingboard is “be transparent”, and we’re committed to upholding transparency in every circumstance. In the spirit of that value, we’ve prepared a detailed report on what happened, what it means for you, and what we’re doing to improve.

What happened?

On August 12th, 2021, Pingboard was targeted by a coordinated DDoS (distributed denial of service) attack by a malicious party. The attack sent an extreme amount of traffic to our sign-up and sign-in pages, resulting in a prolonged period of degraded performance and sustained stretches of inaccessibility. We’ve included more details below, but we have confirmed that this was not a security breach and no customer data was obtained by the attackers – your organization’s data remains secure.

Here’s a timeline of the attack and our response (all timestamps in CDT):

August 12, 2021

August 13, 2021

What does this mean for your Pingboard account?

No data breaches occurred. No customer data was obtained by the attackers. We’re confident about this for the following reasons:

  1. We successfully separated normal traffic from malicious traffic on the day of the attack and confirmed that all malicious traffic occurred on public endpoints (pages and resources available to the public that are designed not to require authentication).
  2. There is no evidence of brute-force or credential-stuffing attacks, which are commonly used to attempt access to private information (and which Pingboard has dedicated mechanisms to protect against). Last week’s incident was limited to DDoS attacks targeting public resources.
  3. Multiple reviews of our logs both during and after the incident reveal no evidence of a security breach.

Since the attack did not target private information and was only intended to render Pingboard inoperable until we paid a fee to the attackers (which Pingboard did not pay), the impact to us and our customers was limited to the app’s sustained period of downtime and instability.

What could we have done better?

What steps is Pingboard taking to improve?

We’re using the lessons we learned during this incident to better prepare for the future. We successfully fended off the attack and got things back to normal, but we’re not stopping to catch our breath until a number of improvements are made. Here are four steps we have committed to take:

We apologize, again, for the extended interruption in service and the inconvenience it caused. All of us at Pingboard thank you for your business and your continued trust. We’ll continue to work tirelessly to earn them.

If you have any questions, please reach out to help@pingboard.com and our support team will be happy to answer them.

by Bill Boebel
Founder and CEO of Pingboard.