For more information about our Incident Response and Communications please read this support article.

We also maintain a list of Known Product Issues separate from this site here.

[Major] Customers May Experience Login Issues
Incident Report for Box

We recently addressed an issue affecting multi-factor authentication logins. We would like to further explain the issue and action items we had taken to prevent it from happening in the future.

Between 9:00 AM PST and 12:30 PM PST on November 6, 2023, some users experienced latency and difficulty logging into Box. During this time, users logging in to Box with multi-factor authentication may have encountered slow responses or failures during the login process. Upon investigation, we determined that the cause of this issue was the result of a single enterprise repeatedly retrying programmatic session termination calls for all its users, which temporarily overburdened the multi-factor authentication service. The issue was resolved when the user was temporarily prevented from using the session termination API.


The issue occurred due a confluence of factors relating to our session termination API and multi-factor authentication service. Specifically, at the time of this issue, our session termination API did not have a rate limiter in place, which allowed a customer to repeatedly call the API with an excessive number of requests to the multi-factor authentication service. The multi-factor-authentication service additionally did not rate-limit the specific call made to it by the session termination API. Finally, the internal retry logic for timed-out requests continued to load the multi-factor authentication service. As a result, due to the unusually high session termination calls, our multi-factor authentication service became overburdened and resulted in the temporary impact to users.

Corrective Actions

The following corrective actions have been completed or are planned:

  • Adding rate limits to the session termination API and the multi-factor authentication service.
  • Enhancing dashboard and alerts related to session termination API and multi-factor authentication.
  • Optimization of the logic between the session termination API and multi-factor authentication service to improve throughput.
  • Investigation of retry logic to prevent perpetuating overload situations.

We are continuously working to improve Box and want to make sure we are delivering the best product and user experience we can. We hope we have provided some clarity here and we would be happy to answer any questions you may still have regarding this matter. 


The Box Team

Posted Nov 28, 2023 - 11:17 PST

After further monitoring, this incident is now considered resolved. Box logins has been restored to full functionality. If you continue to experience any issues, please contact Box Support at
Posted Nov 06, 2023 - 10:56 PST
Our team has taken steps to remediate this issue and are seeing improvement for Box logins. We are continuing to monitor for any additional impact.
Posted Nov 06, 2023 - 10:07 PST
Our team continues remediation efforts to restore full functionality to Box logins. We will provide additional updates as they become available.
Posted Nov 06, 2023 - 09:50 PST
Our team has identified the underlying cause of this issue and is working to take remediating steps. We will provide additional updates as they become available.
Posted Nov 06, 2023 - 08:19 PST
We are continuing to investigate this issue.
Posted Nov 06, 2023 - 07:38 PST
We are currently investigating an issue in which user's are encountering difficulties when logging into Box. We will provide more information as soon as it is available.
Posted Nov 06, 2023 - 07:29 PST
This incident affected: Box Web Application (Login/SSO).