Abnormal Security incident

Service Disruption due to widespread AWS outage

Major Resolved View vendor source →

Abnormal Security experienced a major incident on October 20, 2025 affecting Inbound Email Security (IES) and Portal Application and 1 more component, lasting 17h 1m. The incident has been resolved; the full update timeline is below.

Started
Oct 20, 2025, 07:48 AM UTC
Resolved
Oct 21, 2025, 12:49 AM UTC
Duration
17h 1m
Detected by Pingoru
Oct 20, 2025, 07:48 AM UTC

Affected components

Inbound Email Security (IES)Portal ApplicationEmail Productivity (EPR)Account Takeover Service (ATO)Security Information and Event Management API (SIEM API)AI Security Mailbox (AISM)Security Orchestration, Automation Response API (SOAR API)

Update timeline

  1. identified Oct 20, 2025, 07:48 AM UTC

    Starting at 06:55 UTC on October 20, 2025, Abnormal is experiencing service degradation across multiple security products due to infrastructure issues with a third-party cloud provider (Amazon Web Services). During this time, some customers may experience issues accessing Portal, delays in email processing, threat detection, and remediation activities. Abnormal is actively working with the provider to resolve the underlying infrastructure issues and will reprocess all affected emails once services are fully restored to ensure complete security coverage.

  2. monitoring Oct 20, 2025, 09:46 AM UTC

    AWS Infrastructure services are beginning to recover and Abnormal is actively verifying that all email security functionality has been restored. Our engineering team has initiated reprocessing of all messages from the affected time window to ensure complete security coverage. We will continue monitoring system performance and provide updates as we confirm full service restoration.

  3. identified Oct 20, 2025, 02:56 PM UTC

    Abnormal is seeing a resurgence of service degradation across multiple security products due to continued issues with AWS. During this time, some customers may experience issues accessing Portal, delays in email processing, threat detection, and remediation activities. Abnormal continues to actively work with AWS to resolve the underlying infrastructure issues and will reprocess all affected emails once services are fully restored to ensure complete security coverage.

  4. identified Oct 20, 2025, 04:39 PM UTC

    We are continuing to work on a fix for this issue.

  5. identified Oct 20, 2025, 05:15 PM UTC

    Abnormal continues to monitor service health while waiting for AWS services to fully recover. Our engineering team has prepared a plan to perform reprocessing of all messages from the affected time window to ensure complete security coverage. We will continue monitoring system performance and provide updates as we confirm full service restoration. Updates from AWS can be found here: https://health.aws.amazon.com/health/status

  6. identified Oct 20, 2025, 08:42 PM UTC

    AWS Infrastructure services are showing signs of recovery and Abnormal is actively verifying that Portal and all email security functionality has been restored. We will continue monitoring system performance and provide updates as we confirm full service restoration. Once services are fully available, we will initiate a reprocess for all messages during the impact window.

  7. monitoring Oct 20, 2025, 09:54 PM UTC

    Email detection and remediation services have recovered and live traffic is currently processing normally. Portal login availability has been restored as of 21:45 UTC. Abnormal engineers are now initiating reprocessing of all messages impacted during the incident duration to ensure complete security coverage. We will continue monitoring system performance to confirm full service stability.

  8. resolved Oct 21, 2025, 12:49 AM UTC

    All email security services remain stable and are operating normally. Engineers have initiated reprocessing of all messages sent during the incident window to ensure complete security coverage. If customers experience any further issues, please reach out to [email protected].