Description: Flexera One - Software Vulnerability Research – US and Canada Customers Not Receiving SMS
Timeframe: July 6, 12:00 AM to August 21, 11:20 PM PDT
Incident Summary
On Thursday, July 6th, at 12:00 AM PDT, we were alerted to an issue that the Software Vulnerability Research platform was experiencing difficulties in delivering SMS messages to customers located in the United States and Canada. As a workaround, the customers were advised to utilize token-based two-factor authentication (2FA) instead.
Upon discovering the issue, we immediately contacted our communication provider, who informed us that messages to the US were failing due to recent changes in US regulations. These regulations now mandate the verification of all traffic, necessitating the provisioning of a new US Virtual Mobile Number (VMN) for clients and its submission to networks for verification.
Given that the approval process with our initial provider would have taken weeks, we made the decision to switch to another vendor. This alternative vendor was able to supply us with a temporary US number, allowing us to maintain essential communication capabilities during the incident.
On Monday, August 21st, we successfully implemented the new US Virtual Number provided by the alternative vendor, conducted thorough verifications and tests, and declared the incident resolved at 11:20 PM PDT.
Root Cause
The root cause of the incident was recent changes in US regulations, which required comprehensive verification of all message traffic. This, in turn, necessitated the adoption of a new US Virtual Mobile Number (VMN) for clients and its submission to networks for verification.
Remediation Actions
Future Preventative Measures
In order to secure and maintain permanent approval for SMS notifications, we will implement the following measures: