Sumsub experienced a minor incident on August 1, 2025 affecting API and MobileSDK and 1 more component, lasting 1h 36m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating Aug 01, 2025, 03:25 PM UTC
We are currently experiencing a Distributed Denial of Service (DDoS) attack which is impacting the stability of our API and platform. Some users may encounter slower verifications or temporary unavailability of service. API timeouts may occur as well. Our engineering team is actively working to mitigate the issue and restore full service. Protective measures are being deployed, and we’ll continue to provide updates as we make progress. Thank you for your patience and understanding.
- monitoring Aug 01, 2025, 04:07 PM UTC
The attack has been successfully mitigated, and the platform is now stable. All systems are operating normally. We’re continuing to monitor closely for the next hour to ensure there are no lingering effects.
- resolved Aug 01, 2025, 05:02 PM UTC
Our Engineering Team has confirmed the incident is fully resolved; no issues were found during the monitoring phase. A postmortem will be published later. Please contact our Support team should you have any questions or issues related to this incident. Thank you!
- postmortem Aug 04, 2025, 01:32 PM UTC
**Incident Timings**

* **01 Aug 2025:** 14:55 UTC – 15:05 UTC
* **02–03 Aug 2025:** Several periods between 21:05 UTC **(Aug 2)** and 02:05 UTC **(Aug 3)**

**Incident Summary**

During the specified timeframes, the Sumsub platform was targeted by several waves of Distributed Denial of Service (DDoS) attacks. In response, we promptly activated and escalated multiple mitigation strategies to maintain platform stability and ensure continuity of service. As part of these countermeasures, the following actions were taken:

* Blocking malicious requests at the edge using Cloudflare.
* Temporarily blocking traffic from specific Autonomous System Numbers (ASNs) across the entire [sumsub.com](http://sumsub.com) domain, impacting services such as the API, Cockpit, and website.

These network-level restrictions were applied dynamically, based on the origin and behavior of the incoming traffic at any given moment. Unfortunately, this may have caused temporary disruptions for legitimate users in certain regions, including **Vietnam** and **Lithuania** (particularly on Sunday). While these measures may have impacted service availability for some users, they were essential to prevent a complete global service outage.

**Root Cause**

The root cause of the disruptions was a high-volume DDoS attack targeting multiple service endpoints, combined with regionally distributed attack vectors that required aggressive filtering based on ASN and geolocation.

**Action Plan**

* We will enhance our Cloudflare protection settings to better absorb and filter future attack patterns.
* Based on the attack patterns observed, we plan to develop more tailored manual security responses to improve our agility during active incidents.
* As a result of the attacks, we have identified certain infrastructure bottlenecks and will strengthen system resilience under high load.

**Conclusion**

Despite the scale and persistence of the DDoS attacks, our team responded swiftly and effectively. The impact on our users was minimal — with individual periods of instability never exceeding 15 minutes at a time. These events serve as a valuable opportunity to further improve our defenses and make our platform even more resilient. We’re using this experience to strengthen our infrastructure and response strategies, ensuring we continue to provide the highest level of reliability.

Thank you for your continued trust and support. If you have any questions, please don’t hesitate to reach out to our Support team.