USSUP-161 Email2sms Outage
Incident Report for 2sms LLC
Postmortem

Cause:

Email2sms services stopped processing traffic due to an issue with IMAP4 authentication. This issue was escalated to Microsoft, who later confirmed that they had disabled IMAP4 on our Office 365 tenant in advance of the confirmed scheduled switch-off on October 1st.

 

Detection:

Our internal monitoring triggered a service alert to staff, who began first response and investigation.

 

Scope of incident:

This incident would have affected any customers that tried to use the email2sms service. Message send requests would have been either rejected or queued, depending on the service implemented. Queued messages would have been processed immediately upon resolution of the incident.

Corrective Actions:

All attempts were made to resume the services and failover services. When services could not be resumed, the issue was escalated to Microsoft Office 365 support and to our account manager. Microsoft 365 Support responded stating that they had temporarily disabled IMAP4 authentication ahead of its deprecation and had then re-enabled IMAP4 authentication for our tenant. They stated that the change had been made in anticipation of the protocol retirement scheduled for October 1st. 2sms was not given advance notice of this change nor any control over the service switch-off.

 

Preventative actions:

In anticipation of the planned October 1st retirement of IMAP4 authentication, we have been working on scheduled tasks to make the necessary changes to our services to ensure continued operations. There was no forewarning of the event that caused this incident. We are working to expedite the changes to minimise the chance of a repeat occurrence and are in contact with Microsoft regarding the lack of notification.

Internal audit:

 The security incident has been fed into the ISMS and will be part of the review cycle documents for the November 2022 surveillance audit process.

 

External audit:

The security incident will be reported to the external accredited ISO 27001:2013 auditor, Certification Europe, and will be part of the review cycle for the January 2023 surveillance audit process.

 

GDPR:

 This incident did not compromise PII (Personally Identifiable Information).

Posted Aug 15, 2022 - 14:27 UTC

Resolved
Azure confirmed the outage and restored the affected service. No further errors, and system functionality reinstated.
Posted Aug 15, 2022 - 06:00 UTC
Update
We are continuing to see failures and have contacted Microsoft Azure Support.
Posted Aug 13, 2022 - 22:45 UTC
Monitoring
Email2SMS services are severely disrupted. We are investigating.
Posted Aug 13, 2022 - 15:45 UTC
This incident affected: Email2sms.