We are continuing to monitor for any further issues.
Posted Apr 15, 2021 - 17:36 CEST
Update
We are continuing to actively monitor the situation.
Our initial mitigations - scaling up capacity - are having the desired effect: the situation has remained stable over the last 24 hours.
Our teams are continuing to work on the solution to mitigate this attack entirely.
Posted Apr 15, 2021 - 17:34 CEST
Monitoring
Since last week Friday, we have been facing availability issues with our developer portal services. Customer applications were not affected. We have seen intermittent issues specifically with the ability to log on to the Mendix Platform. Also, there were responsiveness issues with our developer portal services. We’re facing a distributed password reuse attack which uses credentials obtained from a 3rd party compromised resources. In essence, our login service is under load.
On Friday, we have scaled up our capacity that allow us to deal with the additional load, while we are working on a solution which is expected soon to mitigate the attack entirely. Our first analysis was that this would take care of user impact, but we’re still seeing many failed login attempts and service availability issues. Also, early yesterday and today, the high load on login caused an issue in a part of our infrastructure.
At this moment, we are working hard to stop the attack while increasing resources to mitigate any further consequences. We realise that the information we have been sharing so far has been generic. This was mainly due to the fact that we were not certain yet of the extent and the impact of this attack. We now are.
Customer applications have not been affected, and as stated, the issues did not affect the functioning of customer apps on the Mendix Cloud. The issues are contained to the developer experience. However, we strongly recommend everyone to frequently update their passwords to take the wind out of the sails of this type of attack. We’ll be posting updates as we progress towards stopping this attack while keeping our services up and running.
Posted Apr 14, 2021 - 17:58 CEST
This incident affected: Mendix Services (Project Management, Team Server, Deploy - Mendix Cloud).