Email Alerts Are Not Being Sent
Incident Report for Mezmo Status Page
Postmortem

Start Time: Wednesday, October 6, 2021, at 17:30:06 UTC
End Time: Wednesday, October 6, 2021, at 21:30:27 UTC
Duration: 4:00:21

What happened:

Email notifications from alerts were partially halted for about 4 hours. Notifications sent by Slack and Webhooks were not affected.

Why it happened:

Our email service provider’s daily limit of 250,000 email messages was exceeded. All email message notifications from triggered alerts bounced and could not be resent.

Further investigation revealed that a HackerOne Security Analyst looking for flaws in our service to report to us had made our system send 450,000 emails. This was accomplished by manually adding an array of many email addresses into the “Change Owner” request field within our Web UI.

Adding multiple email addresses in that field is not permitted through normal usage of the Web UI. The Security Analyst intercepted the http request sent when the form was submitted and manually inserted a json list in the field, effectively sending an array of email addresses rather than a string. LogDNA had no server-side (e.g. backend) validation to ensure only a string could be accepted.

How we fixed it:

We took remedial action by contacting our email provider, who temporarily increased our daily email sending limit to 625,000 messages. This allowed email notifications from alerts to resume.

We then added server-side validation for the “Change Owner” field in our Web UI so that only strings are accepted, even if the request is manually intercepted and an array of email addresses is added.

What we are doing to prevent it from happening again:

We will audit our Web UI to find all places where multiple email inputs can be added. We’ll then add server-side validation, so only strings are accepted.

We’ll emphasize to our HackerOne Security Analysts that they should not take potentially damaging actions as they proactively search for vulnerabilities in our service.

Posted Oct 13, 2021 - 21:04 UTC

Resolved
Our email alerting feature has been restored to normal operation. All services are fully functional.
Posted Oct 06, 2021 - 22:35 UTC
Investigating
Our email alerting feature is not working at the moment and customers are not receiving alerts by email. Other types of alerts, such as Slack and webhook, are still working. We are investigating.
Posted Oct 06, 2021 - 21:29 UTC
This incident affected: Log Analysis (Alerting).