Resolved - This incident has been resolved.
Jun 12, 12:00 AEST
Monitoring - A fix has been implemented and we are monitoring now.
Jun 12, 10:15 AEST
Identified - Our team has identified a potential security issue and, as a precaution, we’ve temporarily taken the CloudPBX portal offline to apply a critical update.
We’re working to restore access as quickly as possible and expect services to be back online shortly. Thank you for your patience and understanding.
Jun 12, 10:01 AEST
On Monday, 10 June, we experienced a service degradation affecting our primary SIP gateway, resulting in a brief interruption to inbound calling. The issue was caused by human error during the rollout of a new monitoring process, which inadvertently introduced instability into our high-availability load balancing systems.
The root cause was identified and mitigated quickly; however, the disruption impacted several critical load-balancing components before full service was restored.
While we typically avoid deploying changes during business hours, a security event on 7 June — a Distributed Denial of Service (DDoS) and credential stuffing attack — necessitated the urgent release of an emergency patch, which led to the unscheduled deployment and this incident.
We apologise for the disruption and appreciate your understanding as we continue to improve the resilience of our platform.
Jun 10, 02:00 AEST
Resolved - On Friday, 7 June, we experienced a distributed denial of service (DDoS) attack combined with a credential stuffing brute-force attempt. The attack originated from over 6,000 IP addresses, associated with a Canadian ISP, and targeted our authentication endpoints at a sustained rate of requests per second.
Our monitoring systems quickly detected the abnormal traffic patterns and elevated failure rates, triggering automated protection mechanisms.
In response, we implemented aggressive IP bans and temporarily disabled all authentication requests — including legitimate ones — until the malicious traffic was isolated and contained. While core voice services remained unaffected, some auxiliary systems, including faxing and email notifications, were inadvertently added to the banned IP jail. This misclassification was not identified for approximately 24 hours.
As a result, a small number of inbound faxes during this window were lost and are unfortunately unrecoverable.
We continue to actively monitor for further attacks and are implementing additional safeguards to harden our authentication infrastructure and improve service resilience.
Jun 6, 19:00 AEST