For more information about our Incident Response and Communications please read this support article.

We also maintain a list of Known Product Issues separate from this site here.

[Medium] Increased FTP 530 Captcha errors

Incident Report for Box

Postmortem

We recently addressed issues affecting Box FTP and SFTP services. We would like to take the opportunity to further explain these issues and the steps we have taken to keep them from happening in the future.

From February 25th, 2026 at 9:20 AM PST to February 27th at 4:10 PM PST, some users may have experienced difficulties while working in Box. During this time, Box FTP and SFTP users may have seen CAPTCHA messages while logging in through FTP. The issue occurred due to a change in internal traffic routing which affected the Box FTP and SFTP services. We were able to resolve the issue by reverting the internal routing change and clearing CAPTCHAs for affected users. We are now working to harden the system against internal rate limiting going forward to prevent similar issues from occurring in the future. 

Analysis

On February 23rd at 8:20 AM PST, a change was made to send a subset of login traffic through a new route. After this change, no issues were observed and no customer issues were reported. On February 25th at 8:20 AM PST, a subsequent change was made to send more of the same login traffic through the new route. Roughly one hour after this change was completed, the Box FTP service started to receive an increased rate of CAPTCHA failures, blocking users from logging in. The second routing change was identified as the root cause and reverted on February 27th at 12:49 PM PST. After revert, a number of Box FTP users needed to clear an additional CAPTCHA. Box Support assisted in clearing the CAPTCHAs manually and by 4:10 PM PST, all Box FTP and SFTP login errors were resolved.

Our analysis determined that the root cause of this issue was a service that was added to the call stack in the new route. The service in question did not properly communicate rate limiting information sent by the Box FTP service. This led to Box FTP being internally rate limited, which prompted users to improperly complete a CAPTCHA when logging in to Box FTP.

Corrective Actions

Box has initiated the following corrective actions:

  • The service in question has been fixed to properly forward required rate limiting information.
  • We are implementing enhanced monitoring to enable faster responses in the case of similar occurrences.
  • A comprehensive review is being performed to find any instances of missing rate limiting information within the stack.

We are continuously working to improve Box and want to make sure we are delivering the best product and user experience we can. We hope we have provided some clarity here and we would be happy to answer any questions you may still have regarding this matter. 

Sincerely,

The Box Team

Posted Mar 05, 2026 - 14:43 PST

Resolved

After further monitoring, this incident is now considered resolved. FTP and SFTP service has been restored to full functionality. If you continue to experience any issues, please contact Box Support at https://support.box.com.
Posted Feb 27, 2026 - 15:51 PST

Update

We are continuing to monitor for any further issues.
Posted Feb 27, 2026 - 14:58 PST

Monitoring

A fix has been implemented and we are monitoring the results.
Posted Feb 27, 2026 - 13:58 PST

Update

Box continues to investigate reports of Captcha errors issues with FTP and SFTP logins.
Posted Feb 27, 2026 - 13:15 PST

Investigating

We are investigating an ongoing issue affecting FTP and SFTP logins. We will provide more information as soon as it is available.
Posted Feb 27, 2026 - 12:02 PST
This incident affected: FTP.
Current Status Powered by Atlassian Statuspage