Registered downtime 12th of July 2025

Update timeline

1. investigating Jul 12, 2025, 09:53 AM UTC

   We are currently experiencing an issue that is preventing bookings from being placed. The affected parts of the system include the Booking Widget, PoS desk, and the mPoS mobile app, which is currently inaccessible. Users who host their site via the Trekksoft Website Builder may also be unable to access their site. While channel manager bookings are still being taken via OTAs, they are not being processed on our system at the moment. We are actively investigating the root cause to find the quickest solution to restore booking functionality. We will keep you updated and apologize for the inconvenience caused.

2. identified Jul 12, 2025, 10:57 AM UTC

   Since 10:29am, our company experienced a targeted attack on several subdomains making the system unavailable. We are taking measures to stop the attack. We will keep you updated.

3. monitoring Jul 12, 2025, 12:51 PM UTC

   The situation seems to be stabilizing making all parts of the system available again. Custom domains are now accessible. Bookings appear to be working as expected on all channels now, and OTA bookings will beginning to be processed. The root cause of the issue was an attack. We will keep monitoring the situation to make sure all systems are performing well.

4. identified Jul 12, 2025, 01:13 PM UTC

   The attack has resume and the system is down again. We are taking measures to find a definite solution to stop the attack. We will keep you updated and apologize for the inconvenience caused.

5. monitoring Jul 12, 2025, 04:01 PM UTC

   Trekksoft Systems have been targeted today by a well coordinated cyber attack. Our teams have been working tirelessly to defend against this issue and have put in place several measures that have for now, reestablished normal functionality in all areas of the system. However we continue to see the aggressors make efforts to disrupt the system. We continue to monitor the situation and be on high alert until these attacks have subsided. We apologize for the inconvenience caused and will continue to provide updates.

6. resolved Jul 14, 2025, 12:41 PM UTC

   All Trekksoft functionalities are now operating normally. We will provide a postmortem of the incident as soon as possible. We apologize once again for any inconvenience this may have caused.

7. postmortem Jul 14, 2025, 01:29 PM UTC

   **Incident Date: Jul 12, 2025** Incident Duration: Approx 6 hours Affected services: TrekkSoft API, TrekkSoft backoffice, POS Desk, TrekkSoft Mobile Applications \(mPOS\), TrekkSoft Website Builder **Incident Description:** On July 12 at around 10:30AM CEST, our system experienced a significant Distributed Denial-of-Service \(DDoS\) attack that severely disrupted service availability across our platform \(Backoffice login page and subdomains\) Impact: The incident critically affected the functionality of most of our services, making it impossible for users to access booking information or create new bookings. Bookings done through Online Travel Agencies \(OTAs\) could not be processed by our system during this period. The total downtime lasted approximately 6 hours, with full service restored by 5:00PM CEST. **Resolution:** To mitigate the attack and restore services, we implemented the following measures: * IP blocking via Web Application Firewall \(WAF\) * Enforcement of CAPTCHA to limit automated traffic * Scaling our infrastructure up to better handling the load **Preventive Measures and Recommendations:** To strengthen our defenses and prevent similar incidents in the future, we are taking the following actions: * **WAF Expansion:** We will extend our Web Application Firewall \(WAF\) coverage to all TrekkSoft-managed domains, including those of our merchants, to ensure comprehensive protection across our ecosystem. At TrekkSoft, system security and reliability remain our top priorities. In the coming days, we will start implementing these measures to enhance our security. We apologize for any inconvenience this caused.