Xero says problems with its login infrastructure – not security concerns – were behind yesterday’s mega swing which saw customers locked out of the cloud-based accounting software for nearly eleven hours .
The outage began at 08:25 UTC on July 27 and was not fully resolved until 19:04 UTC, according to Xero’s status page.
Unplanned downtime has ruined the workday of business owners and accountants looking to access and work on their web accounts, and the scarcity of information from Xero has left many frustrated.
Playing down speculation on social media that the snafu may have been related to something more sinister, the company tried to clarify that the issue was “related to our login infrastructure and not a security incident.”
“A tool used to store and trigger events in the login stream did not work as expected and resulted in outages and errors. Our product teams have been working to restore the stream of these events and restore service in a controlled manner. Again once, we apologize for the inconvenience this has caused our customers,” he said.
In a blog post, Chief Customer Officer Rachel Powel attempted to acknowledge the “considerable inconvenience to our customers”.
But she was keen to emphasize that the problem was not security-related.
“I want to assure you that your data and personal information stored on Xero is secure. I know that when these things happen you may be concerned about the security of your data. I can assure you that it was not an issue of security and that no data has been compromised,” she said.
“The incident was related to our login platform, where a system used to store and trigger events in the login flow did not work as expected, and therefore resulted in failures and errors for our customers.”
Powel said Xero is “continuing our investigations to learn more about the cause.” It is therefore not yet in a position to confirm the adjustments that will prevent further outages.
She also did not confirm whether customers will receive compensation, although many would have clearly preferred to be able to access the service. ®