[Major] Issues with Logins

We previously addressed an issue that impacted a small percentage of users utilizing multi-factor authentication (MFA) while logging into Box and accessing the Box API. We would like to take this opportunity to explain the issue and the steps we have taken to prevent similar occurrences in the future.

Incident Summary

On February 14, 2024, between 11:00 AM PST and 11:32 AM PST, some users may have experienced difficulties logging into Box and using the Box API when MFA was required. This issue was caused by a temporary failure in an underlying network component provided by one of our third-party service providers. The disruption was automatically resolved when the service provider mitigated the issue.

Analysis

The issue originated from a temporary failure within a regional infrastructure component of our service provider, which supports functions such as request handling, load balancing, and metadata storage. This system is designed to dynamically scale and adjust compute capacity in response to demand fluctuations. However, an unexpected spike in demand exceeded its ability to provision additional resources quickly, leading to increased latency and service errors across multiple services in the affected region.

‌

As a result, authentication requests for MFA users on Box were impacted until the service provider was able to isolate and mitigate the issue.

Corrective Actions

To further enhance the resilience of our authentication services, we have implemented the following measures:

• Improved alerting for load balancers to detect and respond to service degradations more effectively.
• Assessment and implementation of direct fallback application profiles to minimize disruptions in the event of similar network-related failures.

‌

We remain committed to delivering a reliable and secure experience for all Box users. We appreciate your patience and understanding and are happy to answer any further questions regarding this matter.

‌

Sincerely,

‌

The Box Team