Incident Date: March 10, 2024 Incident Duration: March 10th evening till March 11th early morning

Affected Services: TrekkSoft backoffice, POS Desk, Booking Widget, Website Builder, mobile App

Incident Description: At approximately 6:18 PM CET on March, 10, 2024, a SQL injection attack was conducted which affected our database. A SQL injection is a technique used to attack applications by inserting malicious statements in order to hinder normal workflows from happening. As a result, services dependent on this database were impacted and therefore not accessible. 

Impact: The incident rendered it impossible to perform operations on the database, leading to a halt in functionality for the majority of our services (not being able to log in or take bookings) . This disruption caused three downtime periods of 45 minutes at 9.30PM,  and a 30 minutes disruption on March 11th around 5.30AM

Resolution: The incident was resolved by blocking the IP address from where the attack was conducted and restoring the database service.

Preventive Measures and Recommendations:

1. WAF Solution: Extension of our Web Application Firewall Solution to all our domains within TrekkSoft and of TrekkSoft merchants. The ones that use custom domains within TrekkSoft will receive an email over the next weeks with instructions to follow.   
2. Reviewing the code base to make sure we find any possible vulnerabilities.

Rest assured, that at TrekkSoft, a secure and reliable system has the highest priority. Unfortunately, these types of attacks became very common in the industry. Our system sent out alerts upon being attacked  and, our engineering team was right on spot and started to resolve the issue. Over the next week, we will put the mentioned measures in place.