On Friday, 7 June, we experienced a distributed denial of service (DDoS) attack combined with a credential stuffing brute-force attempt. The attack originated from over 6,000 IP addresses, associated with a Canadian ISP, and targeted our authentication endpoints at a sustained rate of requests per second.
Our monitoring systems quickly detected the abnormal traffic patterns and elevated failure rates, triggering automated protection mechanisms.
In response, we implemented aggressive IP bans and temporarily disabled all authentication requests — including legitimate ones — until the malicious traffic was isolated and contained. While core voice services remained unaffected, some auxiliary systems, including faxing and email notifications, were inadvertently added to the banned IP jail. This misclassification was not identified for approximately 24 hours.
As a result, a small number of inbound faxes during this window were lost and are unfortunately unrecoverable.
We continue to actively monitor for further attacks and are implementing additional safeguards to harden our authentication infrastructure and improve service resilience.