On Monday 31st of August WOZTELL suffered a DoS attack that lasted twelve hours. During attacks of this kind, a server constantly receives thousands of requests (for example to access a service). This means that when a real customer request enters the server, it will either take longer to be seen or will not be seen at all.
During this attack, we received an email demanding a determined amount as payment; the email went on to say the attack would be withdrawn immediately after the payment was made.
Our crisis cabinet, composed of our CEO, COO, CTO, and Customer Growth Manager, convened and decided to react and work with our service providers to solve the problem as soon as possible.
To summarize, for a duration of seven hours, our clients had service problems with incoming and outgoing WhatsApp messages.
No issues ensued with communication between final users and our client’s WhatsApp numbers. The attack impacted the synchronization services between the host platforms for incoming messages and the platforms from where outgoing messages are launched.
We activated our communication plan and monitored, in real-time, all comments or questions received through our contact center, social media, etc.
What have we learned and what can we improve?
Listening to our affected clients, we have come to understand their biggest frustration was the belief that incoming messages from their customers were lost and that they may lose potential customers. To reduce this stress we are working on implementing alternate communication routes that enable us to migrate our client’s communication system to an alternate environment, so they may always have access to their information.
We will also work on having an optional automatic end-user alert message within your own Woztell usage console.
Communication Improvements between WOZTELL and our clients
We have found that, often, 24 hours after we send our notifications and advice on how to administer as a client, it still has not been read.
People no longer with the company, generic contact emails, or the sales department are not the ideal recipients of these notifications should anything occur.
For all of these reasons, we are working on the improvement of our onboarding process so we may guarantee that all our client contacts for all technological or urgent matters are appropriately registered and that this contact person has an emergency channel available to reach our support team.
We regret any inconveniences caused to our clients and partners who have trusted us and our passion. Although we cannot guarantee we will not suffer another attack, we do guarantee we will be better prepared.