The following is a summary of our impact analysis. As of 13:50 CEST all systems affected by the DDoS attack on our hosting service provider are back online.
1. ProcessingHub processes cannot be started from a Salesforce org.
Minimal impact. Only a delay could be experienced. Processing as such was not affected.
2. Failed data load jobs could not be retried.
Minimal impact. Failed jobs could be retried as soon as the outage was over.
3. ProcessingHub Manager was inaccessible.
No impact on operations per se. ProcessingHub Manager was just not available during the outage.
4. Customers that use the Payment API v2 with Stripe or Redsys were not able to accept new payments. The redirect to checkout pages was broken.
Any payment attempt through API v2 with Stripe or Redsys could not be successfully redirected to the checkout page. This prevented the payer from submitting payment details and completing payment.
The asynchronous part of the payment attempt, however, was completed. For each payment attempt during the outage, the following data can be found in Salesforce and used for impact analysis:
- Message record
- Inbound Report record
- Installment (with an open status)
- New Contact and/or Account (if not already in org)
- New Payment Profile (if not already in org)
- New Mandate
- New Recurring (if applicable)
5. Customers that use the Payment API v2 with GoCardless, Mollie, PayPal and SIX Saferpay were able to accept new payments, but the Thank You redirect was broken.
Payers were able to enter their payment details and complete the payment. However, they were not redirected to the Thank You page confirming the successful payment. Instead, they saw a “cannot be reached” error page, which may have caused some confusion.
6. Giving Pages were not reachable.
During the outage, no donations could be made through Giving Pages because the pages were not reachable.
7. Notifications over the Payment API v2 sent by PSPs were not received, meaning that data in Salesforce was not updated as normal. However, PSPs generally retry sending notifications.
There could possibly be some data impact. However, if a PSP retries after the outage, we do not see a reason to believe the data impact would remain. In other words, the retry should rectify any temporary impact..
The affected FinDock services seem to be up and running again. Please contact FinDock Support if you still experience issues.
We continue to investigate impact and potential required actions.
At 10:08 CEST today, we began experiencing issues with the findock.com domain which are affecting FinDock services and integrations. We immediately began working with our hosting service provider to resolve the problem as quickly as possible.
The incident, an apparent DDoS attack, is under investigation and not completely resolved. As of 11:50 CEST, services are coming back online gradually.
In our initial impact assessment, we have determined that:
- Processes that were running before the incident began completed normally, including pushing data to Salesforce.
- Notifications over the Payment API v2 were not received, meaning that data in Salesforce was not updated as normal. However, PSPs generally retry sending notifications.
During the outage, we have determined that:
- ProcessingHub processes cannot be started from a Salesforce org.
- Failed data load job processes could not be restarted.
- ProcessingHub Manager was inaccessible.
- Customers that use the Payment API v2 with Stripe or Redsys were not able to accept new payments. The redirect to checkout pages was broken.
- Customers that use the Payment API v2 with GoCardless, Mollie, PayPal and SIX Saferpay were able to accept new payments, but the Thank You redirect was broken.
- Giving Pages were not reachable.
We will continue to monitor the situation closely and publish a full report of the incident once we have all the details. In addition, FinDock is assessing and planning actions to ensure contingencies are in place to avoid this sort of incident in the future.