Files incident

Inability to login: Unencrypted FTP connections only

Minor Resolved View vendor source →

Files experienced a minor incident on July 24, 2025 affecting FTP/FTPS, lasting —. The incident has been resolved; the full update timeline is below.

Started
Jul 24, 2025, 05:45 PM UTC
Resolved
Jul 24, 2025, 05:45 PM UTC
Duration
Detected by Pingoru
Jul 24, 2025, 05:45 PM UTC

Affected components

FTP/FTPS

Update timeline

  1. identified Jul 24, 2025, 05:38 PM UTC

    We are aware of an issue preventing certain logins to the FTP services in all regions. This incident only impacts unencrypted FTP connections to the Files.com platform. Encrypted FTPS connections are not affected at all by this incident. Unencrypted FTP is not supported by default on the Files.com platform. This incident only affects customers who have enabled unencrypted FTP on their sites. We are currently working to resolve this incident and we will post an update here when more information is available.

  2. resolved Jul 24, 2025, 05:45 PM UTC

    We have resolved an issue that prevented certain unencrypted logins to FTP services in all regions. This incident only impacted a portion of unencrypted FTP connections to the Files.com platform. Unencrypted FTP is not supported by default on the Files.com platform, so this incident caused issues for only a small number of customers. Encrypted FTPS connections were not affected at all by this incident. The incident affected different users at different times between 16:27 UTC and 17:39 UTC.

  3. postmortem Jul 28, 2025, 06:10 PM UTC

    From 16:27 UTC to 17:39 UTC on 24 July 2025, a subset of customers who rely on unencrypted \(plain\) FTP experienced login failures via FTP. Encrypted FTPS/SFTP services, API calls, automations, and all other platform functions operated normally. At 16:27 UTC we released a security enhancement to our FTP services related to our sunset of legacy 3DES ciphers \(which were previously only used by a very small number of customers who had explicitly opted in to this\). The new validation contained a logic error which mistakenly applied to plain FTP sessions as well. Because plain FTP contains no relevant cipher, every attempt was rejected with an “insecure cipher” error. Users who had existing cached sessions continued to operate, which masked the problem for roughly 20 minutes, delaying detection by our automated monitors. Once the cache expired, customers relying on unencrypted FTP began to fail authentication consistently. We identified the faulty code, fixed the logic, redeployed the service, and cleared all caches. The last observed customer error occurred at 17:39 UTC. Plain FTP is disabled by default on the [Files.com](http://Files.com) platform; only customers who had explicitly enabled it were at risk. All encrypted protocols \(FTPS, SFTP, HTTPS, AS2, WebDAV, API\) remained fully operational. We know customers depend on [Files.com](http://Files.com) for critical workflows and we failed to uphold that trust for those affected. We apologize for the disruption and appreciate your continued confidence in our service.