On June 3rd, from 6:30 PM to 7:00 PM, users experienced a performance degradation in the platform, making the browsing really slow. This occurred because one of our analysts was performing a DDoS attack on the site. At the same time, there was a failed deployment in production that halved the number of machines processing requests; half of them had the previous version of the app and were responding correctly, while the other half where stuck in a loop trying to deploy the new version which had issues. This attenuated the effect of the DDoS.
What we’ve done
After we detected the error, we immediately reverted that change, deploying a new version of Integrates without the bug so the whole fleet was available.
What’s the impact
The incident occurred outside of working hours, so only 3 users were affected, and they experienced a really slow platform, with group information taking too long to load or not loading at all.
What we are doing to help
We are constantly performing security tests over our own platform to discover these kinds of flaws. Right now, we are working on concurrency improvements to achieve a better performance. Also, this vulnerability was reported to our developer team and will be addressed shortly