Security Release v1.36.2
Today we had an OTP attack causing a lot of SMS messages being sent in a short time. This update is the main protection of this ever occurring again.
The attack started yesterday at 19:33 UTC and ended at 22:26 UTC. For security reasons we are not going to disclose all the details, but feel free to ask us directly.
As a result of this attack, the signups, SMS alerts and Phone Call alerts were disabled all day.
More limitations will be added in the following days, but a normal user shouldn't be able to trigger them.
API v1.36.2 Updates
- OTP codes are throttled system-wide, protecting signups (#958)