Oiiku - Webapp taken down due to suspected brute-force attack – Incident details

Webapp taken down due to suspected brute-force attack

Resolved
Major outage
Started 3 months ago
Lasted about 9 hours

Affected

Oiiku Webapp

Major outage from 6:35 AM to 8:35 AM, Operational from 8:35 AM to 3:23 PM

Updates
  • Resolved

    No further attacks since we took the webapp back online. No valid app links were generated in the attack. No personal data was exposed. We will send an email with a "post mortem" to clients later tonight.

  • Monitoring

    Measures to stop the attack have been implemented. It does not seem like the attack has been successful. The webapp is back online. We will monitor closely and check all system logs to get the full picture.

  • Identified

    We have verified that this is a brute-force attack: an automated attack by someone testing millions of random app links to find valid ones. We took the webapp down to stop the attack and protect personal data. We are implementing measures to block the attacker and will take the webapp back online as soon as possible.

  • Investigating
    We are currently investigating this incident.