[Critical] Issues with Multiple Box Services

Update timeline

1. investigating Jan 08, 2026, 01:39 AM UTC

   We are investigating an ongoing issue affecting Login, Public API, Uploads, Downloads and Box Notes. We will provide more information as soon as it is available.

2. investigating Jan 08, 2026, 01:58 AM UTC

   We are continuing to investigate this issue.

3. identified Jan 08, 2026, 02:05 AM UTC

   The problem has been identified, and we are observing a trend towards recovery.

4. monitoring Jan 08, 2026, 02:13 AM UTC

   Our team has taken steps to remediate this issue and is seeing improvement for the impacted services. We are continuing to monitor for any additional impact.

5. resolved Jan 08, 2026, 02:37 AM UTC

   After further monitoring, this incident is now considered resolved. Our teams have validated that all affected services are restored to full functionality. Please contact Box Support at https://support.box.com/ if you continue to experience any issues.

6. postmortem Jan 08, 2026, 11:59 PM UTC

   We recently addressed issues affecting Box. We would like to take the opportunity to further explain these issues and the steps we have taken to keep them from happening in the future. ‌ On January 7th, 2026 between 5:10 PM and 5:50 PM PST, some customers experienced elevated errors and timeouts across multiple Box experiences, including Login, Uploads/Downloads, Box Notes, and the Public API. These issues were caused by a series of changes that triggered a request storm that overloaded our caching fleet. We resolved this by initially rate limiting background traffic and then rolling back the changes. ‌ **Analysis** On January 6th, a new feature was deployed that increased the utilization of one of our cache backends. That feature, in isolation, did not cause any problem. On January 7th, at 3:30 PM PST, another application change was rolled out that increased the traffic on the same system. Combined, these two changes significantly decreased our capacity buffer on some of our cache systems. ‌ On January 7th at 5:00 PM PT, another unrelated application change was released which created a short traffic spike in the cache system. This spike would have been handled without problems in a normal situation, but the reduced capacity buffer in our cache system created some temporary slowness and retries. Unfortunately, one critical code path that had been migrated to a newer infrastructure had a more aggressive retry policy than the old one. As a result, a retry storm increased the traffic progressively to our caching infrastructure. This traffic increase was not evenly balanced, as it was mostly targeting the few servers that were suffering under the load. The peak impact window was felt between 5:30PM and 5:50PM. ‌ To resume normal operations, we deprioritized some background traffic to increase the capacity of our cache system, and rolled back the changes that were causing the elevated traffic. ‌ **Corrective Actions** Box has initiated the following corrective actions: * Implemented a more conservative retry control policy \(to prevent retry amplification during partial failures\) * Improved handling of cache-related failures to reduce cascading effects * Enhanced monitoring and alerting of our capacity buffers to identify the impact of sudden traffic spikes on our cache systems ‌ We are continuously working to improve Box and want to make sure we are delivering the best product and user experience we can. We hope we have provided some clarity here and we would be happy to answer any questions you may still have regarding this matter. ‌ Sincerely, The Box Team