Skribble AG - Notice history

Incident Summary:

On November 12th 2024, an upgrade to the latest version of GlobalSign Atlas inadvertently disabled the mTLS certificate expiration warning. As a result, no notification was received on either the GlobalSign or Skribble side regarding the certificate status. This led to a temporary disruption in the secure communication channel, impacting functionality for signatures and the AES4Business feature.

Timeline of Events:

1. Issue Detected: 12:00 - Discovered interruption in the secure channel between GlobalSign and Skribble, affecting specific features.

2. Root Cause Analysis: 12:15 - Identified that the mTLS certificate expiration warning had been disabled in the updated GlobalSign Atlas version, preventing any proactive alerts.

3. Resolution: 13:40 - Updated the secure channel between GlobalSign and Skribble, restoring all functionalities, including AES4Business.

Resolution:

The secure communication channel between GlobalSign and Skribble was reestablished. Signature services and the AES4Business feature are now functioning as expected.

Follow-Up Actions:

1. Review and Update Communication Channels: All communication channels between Skribble and GlobalSign will be reviewed and updated to ensure uninterrupted notifications and functionality.

2. Long-Term Validity Assurance: The renewed connection is valid for the next five years, minimizing the risk of similar issues during this period.

Conclusion:

The issue has been resolved, and measures are in place to prevent recurrence. We expect smooth operations and reliable notifications over the next five years due to the updated connection configuration.

Incident Summary:

On November 11th 2024, 16:45, a maintenance script inadvertently removed access rights for a system user required during a post-authentication process. While the primary login function remained operational, a secondary process that logs user data from our Identity Provider (IDP) service failed due to insufficient permissions. This led to presumed login failures on our website from the user perspective.

Timeline of Events:

1. Issue Detected: 16:45 - Users reported presumed login failures.

2. Root Cause Analysis: 17:45 - Identified that a maintenance script had removed access rights for a specific system user involved in the post-authentication data logging process.

3. Resolution: 18:30 - Restored the system user’s permissions, allowing the post-authentication process to function as intended.

Resolution:

The system user’s permissions were restored, returning the post-authentication process and website functionality to normal.

Follow-Up Actions:

1. Maintenance Task Correction: Updated the maintenance script to prevent unintentional permission removals for essential system users in the future.

2. Verification: Reviewed other critical processes to ensure no additional permissions were affected.

Conclusion:

The issue was successfully resolved, and preventive measures have been implemented to mitigate the risk of similar incidents. The system is now performing as expected, and no further interruptions are anticipated.

The degradation is only affecting a single customer.

We are still investigating the customers issues.

API Performance Update: Service Restored to Normal

We are pleased to announce that the performance issues affecting our API earlier today have been fully resolved. Our team has successfully addressed the extreme load that was causing degraded performance.