[Critical] Issues with Multiple Box Services

We recently addressed issues affecting Box. We would like to take the opportunity to further explain these issues and the steps we have taken to keep them from happening in the future.

‌

On January 7th, 2026 between 5:10 PM and 5:50 PM PST, some customers experienced elevated errors and timeouts across multiple Box experiences, including Login, Uploads/Downloads, Box Notes, and the Public API. These issues were caused by a series of changes that triggered a request storm that overloaded our caching fleet. We resolved this by initially rate limiting background traffic and then rolling back the changes.

‌

Analysis

On January 6th, a new feature was deployed that increased the utilization of one of our cache backends. That feature, in isolation, did not cause any problem. On January 7th, at 3:30 PM PST, another application change was rolled out that increased the traffic on the same system. Combined, these two changes significantly decreased our capacity buffer on some of our cache systems.

‌

On January 7th at 5:00 PM PT, another unrelated application change was released which created a short traffic spike in the cache system. This spike would have been handled without problems in a normal situation, but the reduced capacity buffer in our cache system created some temporary slowness and retries. Unfortunately, one critical code path that had been migrated to a newer infrastructure had a more aggressive retry policy than the old one. As a result, a retry storm increased the traffic progressively to our caching infrastructure. This traffic increase was not evenly balanced, as it was mostly targeting the few servers that were suffering under the load. The peak impact window was felt between 5:30PM and 5:50PM.

‌

To resume normal operations, we deprioritized some background traffic to increase the capacity of our cache system, and rolled back the changes that were causing the elevated traffic.

‌

Corrective Actions

Box has initiated the following corrective actions:

• Implemented a more conservative retry control policy (to prevent retry amplification during partial failures)
• Improved handling of cache-related failures to reduce cascading effects
• Enhanced monitoring and alerting of our capacity buffers to identify the impact of sudden traffic spikes on our cache systems

‌

We are continuously working to improve Box and want to make sure we are delivering the best product and user experience we can. We hope we have provided some clarity here and we would be happy to answer any questions you may still have regarding this matter. 

‌

Sincerely,
The Box Team