TrekkSoft experienced a critical incident on June 11, 2024 affecting TrekkSoft Backoffice and TrekkSoft API and 1 more component, lasting 7h 49m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating Jun 11, 2024, 07:16 AM UTC
We are currently experiencing an issue that is preventing bookings from being placed. The affected parts of the system include the Booking Widget, PoS desk, and the mPoS mobile app, which is currently inaccessible. Users who host their site via the Trekksoft Website Builder may also be unable to access their site. While channel manager bookings are still being taken via OTAs, they are not being processed on our system at the moment. We have identified the point of failure in our system and are actively investigating the root cause to find the quickest solution to restore booking functionality We will keep you updated and apologize for the inconvenience caused.
- monitoring Jun 11, 2024, 07:57 AM UTC
We have been able to isolate and produce a solution for the issue. Bookings appear to be working as expected on all channels now. We continue to monitor the system to make sure all systems are performing well.
- resolved Jun 11, 2024, 03:06 PM UTC
The incident has been resolved, and all Trekksoft functionalities are now operating normally. We will provide a postmortem of the incident in the coming days. We apologize once again for any inconvenience this may have caused.
- postmortem Jun 17, 2024, 12:39 PM UTC
**Incident Date:** Jun 11, 2024 **Incident Duration**: Approx 4 hours **Affected services:** TrekkSoft API, TrekkSoft Application, POS Desk, Backend Mobile Applications, Channel Manager **Incident Description:** June 11 at around 4.45AM our system alert triggered a high error rate, which we identified as an attacking IP address. **Impact:** The incident critically affected the functionality of most of our services \(which made it impossible to finalize any bookings\). The disruption caused a downtime of approximately 4 hours, being resolved at 9:30AM. **Resolution:** The incident was resolved by identifying and blocking the attacking IP address. We also identified expired SSL certificates that we migrated to a platform that secures the organization’s network. **Preventive Measures and Recommendations:** * Migrate custom domains with expired SSL certificates to security platform * WAF solution: Extension of our Web Application Firewall Solution to all our domains within TrekkSoft and of TrekkSoft merchants Rest assured that at TrekkSoft, maintaining a secure and reliable system is our highest priority. Over the upcoming days, we will implement the necessary measures to enhance our security. We apologize for any inconvenience this caused.