Dear customers and well-wishers:
We have turned the corner. We fought back over a week of repeated criminal DDoS attacks designed to disrupt the services we offer our customers. Our services are now back to normal, although there are still several customers with hiccups that we are working hard to fix. We are stronger, but we continue to remain very vigilant.
But first, we want to thank you – our customers. The overwhelming support we had from all of you during this crisis was absolutely humbling. Many of you suffered large disruptions to your businesses. Many of you who host your sites with us were down. Email did not work for many of you. Like us, you couldn’t reach your customers. You had an emergency of your own, your own crisis. Despite all this, the vast majority of you understood the extreme circumstances, believed in our sole intent and desire to get you up and running again, and put your faith in us. The many messages of support and encouragement we received from you stiffened our resolve to deny the criminals what they sought.
You were there when we needed you most. We thank you deeply.
The attacks were intermittent over six days and there were several of them. We had started to mitigate them even around the second or third attack, although we chose not to make this public at that time. We knew that such attacks are often cover for other attacks intended to infiltrate networks and steal or compromise data. We watched for them. None were detected and no data was ever breached. A demand for a ransom followed each attack. We refused to pay. We never will.
During and since the attacks, we erected several and multiple defenses in our infrastructure. We continue to work with multiple vendor solutions, including our own, to build safeguards and layers of defense. For all the obvious reasons, we will not discuss these methods publicly. We live in a world where such attacks will likely get more frequent. Just as we get more sophisticated, so will future attackers. But you can rest assured that we will spare nothing to protect Zoho and you from them.
We owe huge thanks to our own teams. This was during the biggest festival of India – Diwali – but for seven days all hands were on deck, round the clock. Product managers took on customer support. Software engineers and architects joined network and infrastructure engineers, so we make better decisions. Caterers wrote code. (OK, so that last part is an exaggeration!). Our internal communication channels were impeccable. Externally, we did our best to bring you timely and honest updates. Our CEO Sridhar was running amuck on Twitter, taking customer questions, providing updates, even troubleshooting technical issues for them on the fly! It will take a much bigger storm to halt him. We are hugely fortunate to have an abundance of talent and resolve in our people.
We have certainly come out stronger at the end of this tunnel. Our infrastructure, our people, and our processes are much more hardened. Our services are back to normal and we will do everything to keep them that way. We will continue to work with the many of you who still have service issues that need resolution. Please continue to use the support lines and Twitter (@zoho) to reach out to us. We will be on them.
We thank you once again for your patience and support at a time when it really counted. We’ll do everything to repay your trust and make sure you will continue to stay with us. And we will do it the way we know best – by building the best products to serve you.