Last week’s hours-long outage at online workspace startup Notion was caused by phishing complaints, according to the startup’s domain registrar.
Notion was offline for most of the morning on Friday, plunging its more than four million users into organization darkness because of what the company called a “very unusual DNS issue that occurred at the registry operator level.” With the company’s domain offline, users were unable to access their files, calendars, and documents.
Notion registered its domain name
notion.so through Name.com, but all
.so domains are managed by Hexonet, a company that helps connect Sonic, the
.so top-level domain registry, with domain name registrars like Name.com.
That complex web of interdependence is in large part what led to the communications failure that resulted in Notion falling offline for hours.
In an email to TechCrunch, Name.com spokesperson Jared Ewy said: “Hexonet received complaints about user-generated Notion pages connected to phishing. They informed Name.com about these reports, but we were unable to independently confirm them. Per its policies, Hexonet placed a temporary hold on Notion’s domain.”
“Noting the impact of this action, all teams worked together to restore service to Notion and its users. All three teams are now partnering on new protocols to ensure this type of incident does not happen again. The Notion team and their avid followers were responsive and a pleasure to work with throughout. We thank everyone for their patience and understanding,” said Ewy.
There are several threads on Reddit discussing concerns about Notion being used to host phishing sites, and security researchers have shown examples of Notion used in active phishing campaigns. A Notion employee said almost a year ago that Notion would “soon” move its domain to
notion.com, which the company owns.
Notion’s outage is almost identical to what happened with Zoho in 2018, which like Notion, resorted to tweeting at its domain registrar after it blocked
zoho.com following complaints about phishing emails sent from Zoho-hosted email accounts.
It sounds like there’s no immediate danger of a repeat outage, but Notion did not return TechCrunch’s email over the weekend asking what it plans to do to prevent phishing on its platform in the future.