You may have experienced some issues with phone calls, either making or receiving them, today. The details are not fully known, but one of the large phone carriers providing internet phone service to around 40% of customers in the United States and Canada (as a carrier, they connect internet-based phone systems with the Plain Old Telephone System, or POTS, phone numbers and lines) appears to have had a Distributed Denial of Service (DDoS) attack pointed at them, and we’ve seen phone call issues of various sorts since just before noon on Monday.
The carrier in questions is called Bandwidth.com and their status page is currently tracking the issue. Because they are so large, if you make or receive phone calls regularly, it’s likely you will experience issues whether on your side or the other, with calls not completing or one or both sides not being able to hear the other side. Or in some cases, pressing phone numbers (such as to navigate IVR voice menus to pick options) are not working during a call. Bandwidth has a customer list showing some of the large customers they serve, but some of the companies that use Bandwidth for their back-end phone services include Google, Microsoft, RingCentral, LogMeIn GoTo, 8×8, Zoom, Windstream, Dialpad, some parts of our own Servant Voice sister company, and many other large and small phone companies. We have heard reports today in discussions with others of outages with several of those companies from this attack today.
A DDoS attack is basically an attacker getting a bunch of systems with a lot of speed (bandwidth), often compromised/hacked systems, to all send junk internet traffic to one victim as fast as they can. Real traffic, like your phone calls, is squeezed out and can’t make it through. It’s a popular attack because it’s so disruptive, though it usually (by itself at least) doesn’t cause data to be stolen, it just keeps services from working. Many times the attacker will extort a ransom from the victim to stop, unless they have other motives for the attack.
The attack is currently ongoing, and no one knows when it will be over (it may stop at night and start during the business day to best use the attacker’s resources). It is affecting some calls on our sister business phone company, Servant Voice, although outbound calls have been routed through another carrier, so if inbound calls don’t work, try returning the call and it may work (but the person you’re calling may also be on Bandwidth.com!). In some cases, caller ID may not come through. We’re keeping our Servant Voice status page updated as well, and posted a status update blog post for review.
Although news coverage of these issues has been slow, likely because new information to report on has been scarce as Bandwidth.com has not made significant comment, we’re updating this post to add two recent news articles that mention it:
- Bandwidth.com is latest victim of DDoS attacks against VoIP providers (Bleeping Computer)
- DDoS assaults against VoIP providers continue (Tech Radar)
- A message from the Bandwidth CEO (added Tuesday afternoon)
- Bandwidth CEO confirms outages caused by DDoS attack (ZDNET, added Tuesday afternoon)
We know the interruption can be frustrating, but knowing nothing can be worse so we wanted to give you some details. If you’re contacting us for support and the phone isn’t working well, please email our support email address to get in touch. We’ll keep an eye on things and if the problems continue, we will obtain an alternate, temporary phone number that may work better and will publish this on our website at Servant42.com if we choose that path.
Thank you! We appreciate the opportunity to serve you as September winds to a close and we approach Cybersecurity Awareness Month in October.
CEO, Servant 42, Inc.
President, Servant Voice, Inc.
and the Servant 42/Servant Voice team