Skribble AG - Notice history

Incident Summary (31.10.2025 – 03.11.2025)
We experienced abuse of SMS resends in trial accounts, where SMS messages were sent to high-cost numbers outside the EU and CH.

After detection, the SMS gateway was temporarily deactivated while we analyzed the issue and implemented countermeasures.

Impact:

• Financial loss to Skribble only

• No customer data affected or exposed

Countermeasures:

• Trial (non-paying) accounts can no longer send SMS outside defined “safe” countries

• Paying customers remain unrestricted

We apologize for the disruption during this period. The temporary outage was necessary to ensure no security breach and to protect our customers from any negative impact.

Sincerely,
Waldemar Dick (CTO)

The issue has been resolved.

All authentication SMS are now fully operational again.

The issue has reopened.

A backlog of undelivered messages is currently affecting the delivery of new authentication SMS.

We are working on a solution and will provide an update as soon as more information is available.

The issue has been resolved.

AES signing for non-Swiss phone numbers is fully operational again.

More details will follow in a post-incident report.

We have identified the source of the issue and closed the entry point. To re-enable AES signing for non-Swiss phone numbers, we need to deploy an update, which is scheduled for tomorrow morning.

No customer data was at risk: the exploit misused our messaging system to trigger SMS messages, which led to an automated shutdown due to unusually high volume.

More updates will follow as soon as the deployment is completed.

Due to fraudulent use of our SMS authentication service, all authentication SMS to non-Swiss phone numbers are currently blocked for signing with AES. We are actively investigating the source of the abuse and working to close the exploited gap.

In the meantime, we recommend using SES or QES signature levels as alternatives.

We will provide an update as soon as we have more information.

We have identified the issue; it only affects authentication SMS sent to non-Swiss phone numbers.

Our team is working with our SMS provider to resolve the problem and restore full delivery.

We will provide an update as soon as we have more information.