Xero says that problems linked to its login infrastructure – not security woes – were to blame for yesterday’s mega wobble that saw customers locked out of the cloud-based accounting software for almost eleven hours.
The outage began at 08.25 UTC on 27 July and was not fully resolved until 19.04 UTC, according to Xero’s status page.
The unscheduled downtime ruined the working day for business owners and bookkeepers looking to access and work on their web-based accounts, and the scarcity of information being communicated by Xero frustrated many.
Playing down speculation on social media that the snafu may have been linked to something more sinister, the company tried to make it clear that the issue was “related to our login infrastructure, and was not a security incident.”
“A tool used to store and trigger events in the login flow was not operating as expected and resulted in failures and errors. Our product teams worked to restore the flow of these events and return service in a controlled way. Once again, we apologise for the inconvenience this has caused our customers,” it said.
In a blog post, chief customer officer Rachel Powel tried to acknowledge the “considerable inconvenience for our customers”.
But she was keen to stress that the issue was not security-related.
“I want to assure you that your data and personal information stored on Xero is secure. I know when these things happen, you may worry about the security of your data. I can assure you that this was not a security issue and no data was compromised,” she said.
“The incident was related to our login platform, where a system used to store and trigger events in the login flow was not operating as expected, and so resulted in failures and errors showing for our customers.”
Powel said Xero is “continuing our investigations to understand more about the cause”, so she is not yet in a position to confirm any tweaks that will prevent further outages from happening.
Neither did she confirm if customers will receive any compensation, even though many would have clearly preferred to be able to access the service.