Temporary platform instability

Incident Report for Sumsub

Postmortem

Incident Timings

  • 01 Aug 2025: 14:55 UTC – 15:05 UTC
  • 02–03 Aug 2025: Several periods between 21:05 UTC (Aug 2) and 02:05 UTC (Aug 3)

Incident Summary
During the specified timeframes, the Sumsub platform was targeted by several waves of Distributed Denial of Service (DDoS) attacks. In response, we promptly activated and escalated multiple mitigation strategies to maintain platform stability and ensure continuity of service.

As part of these countermeasures, the following actions were taken:

  • Blocking malicious requests at the edge using Cloudflare.
  • Temporarily blocking traffic from specific Autonomous System Numbers (ASNs) across the entire sumsub.com domain, impacting services such as the API, Cockpit, and website.

These network-level restrictions were applied dynamically, based on the origin and behavior of the incoming traffic at any given moment. Unfortunately, this may have caused temporary disruptions for legitimate users in certain regions, including Vietnam and Lithuania (particularly on Sunday).

While these measures may have impacted service availability for some users, they were essential to prevent a complete global service outage.
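The trade-off described above, an ASN-wide block stopping the flood while also dropping legitimate users behind the same ASN, can be made visible with a small triage script. The following is an added example, not Sumsub's or Cloudflare's code: it assumes a simple edge-log format (timestamp, client ASN, country, client IP, HTTP status), uses documentation-reserved ASNs and TEST-NET addresses in constructed sample lines, and uses illustrative thresholds; the "DDoS shape" heuristic (high request rate fanned out across many source IPs) and the collateral estimate (successful requests that an ASN block would also have cut) are both assumptions chosen for the demonstration.

```python
"""Per-ASN triage over constructed edge log lines (assumed format, not a real product log)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <ASN> <country> <client ip> <status>".
# AS64496-AS64498 are reserved for documentation; the IPs are TEST-NET ranges.
SAMPLE_LOG = """\
2025-08-02T21:05:00Z AS64496 XX 203.0.113.10 429
2025-08-02T21:05:00Z AS64496 XX 203.0.113.11 429
2025-08-02T21:05:01Z AS64496 XX 203.0.113.12 503
2025-08-02T21:05:01Z AS64496 XX 203.0.113.13 503
2025-08-02T21:05:02Z AS64496 XX 203.0.113.14 503
2025-08-02T21:05:02Z AS64496 XX 203.0.113.15 429
2025-08-02T21:05:03Z AS64496 XX 203.0.113.16 503
2025-08-02T21:05:03Z AS64496 VN 203.0.113.77 200
2025-08-02T21:05:04Z AS64497 LT 198.51.100.5 200
2025-08-02T21:05:06Z AS64497 LT 198.51.100.6 200
2025-08-02T21:05:09Z AS64498 DE 192.0.2.8 200
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()


def parse_line(line):
    """Split one assumed-format log line into a record dict."""
    ts, asn, country, ip, status = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "asn": asn,
        "country": country,
        "ip": ip,
        "status": int(status),
    }


def asn_stats(lines):
    """Aggregate per ASN: request count, distinct client IPs, countries, and time span."""
    stats = {}
    for rec in map(parse_line, lines):
        s = stats.setdefault(
            rec["asn"],
            {"requests": 0, "ips": set(), "countries": set(), "first": rec["ts"], "last": rec["ts"]},
        )
        s["requests"] += 1
        s["ips"].add(rec["ip"])
        s["countries"].add(rec["country"])
        s["first"] = min(s["first"], rec["ts"])
        s["last"] = max(s["last"], rec["ts"])
    return stats


def requests_per_second(s):
    """Average request rate over the ASN's observed span (at least one second)."""
    span = max((s["last"] - s["first"]).total_seconds(), 1.0)
    return s["requests"] / span


def select_asn_blocks(stats, rps_threshold, min_ips):
    """Heuristic (assumed): flag ASNs with a high request rate spread across many source IPs."""
    return sorted(
        asn
        for asn, s in stats.items()
        if requests_per_second(s) > rps_threshold and len(s["ips"]) >= min_ips
    )


def collateral_estimate(lines, blocked):
    """Count 2xx requests from blocked ASNs, grouped by country: traffic an ASN-wide
    block would also drop, i.e. the regional collateral a postmortem has to account for."""
    hit = defaultdict(int)
    for rec in map(parse_line, lines):
        if rec["asn"] in blocked and 200 <= rec["status"] < 300:
            hit[rec["country"]] += 1
    return dict(hit)


if __name__ == "__main__":
    stats = asn_stats(SAMPLE_LINES)
    for asn, s in stats.items():
        print(f"{asn}: {s['requests']} req, {len(s['ips'])} IPs, {requests_per_second(s):.2f} rps")
    blocked = select_asn_blocks(stats, rps_threshold=2.0, min_ips=5)
    print("block candidates:", blocked)
    print("legitimate-looking requests also dropped, by country:", collateral_estimate(SAMPLE_LINES, blocked))
```

In the sample, the flooding ASN is flagged on rate and fan-out, and the collateral estimate shows the one successful request from a user in Vietnam sitting behind that same ASN, which is exactly why such blocks are worth keeping temporary and worth reviewing per region before and after they are applied.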

Root Cause
The root cause of the disruptions was a high-volume DDoS attack targeting multiple service endpoints, combined with regionally distributed attack vectors that required aggressive filtering based on ASN and geolocation.

Action Plan

  • We will enhance our Cloudflare protection settings to better absorb and filter future attack patterns.
  • Based on the attack patterns observed, we plan to develop more tailored manual security responses to improve our agility during active incidents.
  • The attacks exposed certain infrastructure bottlenecks; we will address them to strengthen system resilience under high load.

Conclusion
Despite the scale and persistence of the DDoS attacks, our team responded swiftly and effectively. The impact on our users was minimal — with individual periods of instability never exceeding 15 minutes at a time.

These events serve as a valuable opportunity to further improve our defenses and make our platform even more resilient. We’re using this experience to strengthen our infrastructure and response strategies, ensuring we continue to provide the highest level of reliability.

Thank you for your continued trust and support. If you have any questions, please don’t hesitate to reach out to our Support team.

Posted Aug 04, 2025 - 15:16 UTC

Resolved

Our Engineering Team has confirmed that the incident is fully resolved; no issues were found during the monitoring phase.

A postmortem will be published later.

Please contact our Support should you have any questions or issues related to this incident.

Thank you!
Posted Aug 01, 2025 - 17:02 UTC

Monitoring

The attack has been successfully mitigated, and the platform is now stable. All systems are operating normally.

We’re continuing to monitor closely for the next hour to ensure there are no remaining after-effects.
Posted Aug 01, 2025 - 16:07 UTC

Investigating

We are currently experiencing a Distributed Denial of Service (DDoS) attack which is impacting the stability of our API and platform. Some users may encounter slower verifications or temporary unavailability of service.

API timeouts may also occur.

Our engineering team is actively working to mitigate the issue and restore full service. Protective measures are being deployed, and we’ll continue to provide updates as we make progress.

Thank you for your patience and understanding.
Posted Aug 01, 2025 - 15:25 UTC
This incident affected: API, WebSDK, and MobileSDK.