Security Release v1.36.2

Today we had an OTP attack causing a lot of SMS messages being sent in a short time. This update is the main protection of this ever occurring again.

The attack started yesterday at 19:33 UTC and ended at 22:26 UTC. For security reasons we are not going to disclose all the details, but feel free to ask us directly.

As a result of this attack, the signups, SMS alerts and Phone Call alerts were disabled all day.

More limitations will be added in the following days, but a normal user shouldn't be able to trigger them.

API v1.36.2 Updates


  • OTP codes are throttled system-wide, protecting signups (#958)