Herald publisher NZME was able to resolve the issue by switching from a Spark broadband connection to one with another provider. However, the telco said it was not a Spark-specific issue.
Although Down Detector had a surge of Microsoft 365 outage reports at 8.30am as people arrived in offices, Microsoft first flagged a potential issue to corporate customers in a 2.05am update, in which it said it was investigating “A potential issue with general access or latency [lag] issues with Microsoft 365 issues”.
A 7.49am Microsoft update said, “We’re receiving reports of issues impacting various Microsoft 365 services including but not limited to Exchange Online, Outlook and Microsoft Teams within New Zealand.
An 8.27am update said: “We’ve rerouted network traffic to alternate infrastructure and are seeing improvements in service availability.”
DDoS attack
On Wednesday, Microsoft suffered around 10 hours of global disruption.
The company said the “initial trigger event” for the outages was a distributed denial of service (DDoS) attack – a spike in usage caused by millions of bots controlled by a hacker, flooding a service with traffic until it can no longer cope.
Data is not put at risk during a DDoS attack, but the spike in connection requests effectively blocks services to others. Security experts have likened it to sheep blocking a road.
Microsoft said a configuration error in the rollout of its own defences to prevent the attack “amplified the impact of the attack rather than mitigating it”.
On July 23, a faulty update with CrowdStrike’s cybersecurity software threw some 8.5 million PCs running Microsoft Windows into the “Blue Screen of Death”.
Although accounting for less than 1% of Microsoft customers, many affected clients were in banks, airlines and other critical services.