SaaS company (Software as a Service) Zoho CRM was taken offline for almost two hours by their domain registrar TierraNet after the latter received phishing complaints from Zoho-hosted email accounts. This decision, Zoho says, affected more than 30 million of their worldwide customers, putting their services to a grinding halt post 9 AM, Pacific Standard Time.
Zoho CRM say that their site was pulled off without any prior notice by their domain registrar. They also say that as a result of this move, thousands of businesses relying on Zoho for day to day operations could not access their emails, documents, files and business-critical applications.
Following the takedown, Zoho claimed that TierraNet was contacted repeatedly to take action against the phishing emails to which, the domain registrar simply replied ‘unable to resolve the issue’. The SaaS company claims that after this incident, they had to resort to social media to explain their enterprise customers about the mishap.
Sridhar Vembu, CEO at Zoho explained:
We are working hard to identify why the domain was taken down by the registrar in the first place. Once we do that, we will take alternative steps so this never happens.
We apologize sincerely but this issue is well beyond our control and our domain was taken down with no notice!
The SaaS company said that the issue was resolved later in the day, but the damage was already done since a large number of Zoho customers were redirected to a blank page.
Basically, an automated system triggered this action and then once a human realized what happened, it was rectified.
Industry analysts claim that this might have been a one-off incident. With that being said, we believe that stringent cybersecurity measures need to be taken by Zoho just as Mimecast did, in a bid to support their clients in Europe.