Last week’s hours of disruption at the start of the online workspace Notion was caused by phishing complaints, according to the startup domain registrar.
Notion was disconnected most of Friday morning, throwing its more than four million users into organizational darkness because of what the company called a “very unusual DNS problem that occurred at the registry operator level.” With the company’s domain offline, users were unable to access files, calendars, and documents.
Notion registered the domain name
notion.so through Name.com, but everything
.so domains are managed by Hexonet, a company that helps connect Sonic, the
.so top-level domain directories, with domain name registrars such as Name.com.
The complex network of interdependence is largely what led to the communication error that resulted in Notion falling offline for several hours.
In an email to TechCrunch, Name.com spokesman Jared Ewy said: “Hexonet received complaints about user-generated Notion pages related to phishing. They informed Name.com of these reports, but we could not independently verify them. According to the guidelines, Hexonet put a temporary grip on the Notions domain. ”
Marking the impact of this action, all teams worked together to restore the service to Notion and its users. All three teams are now collaborating on new protocols to ensure that this type of incident does not happen again. The Notion team and their eager followers were responsive and a joy to work with all the time. We thank everyone for their patience and understanding, “said Ewy.
It sounds as if there is no immediate danger of repeated interruptions.
Notion did not respond to our emails prior to publication, but spokeswoman Camille Ricketts later told TechCrunch: “We do not allow Notion to be used to host phishing sites. We have automated security software that searches for suspicious links on sites associated with our domain and removes them. ”
“In this case, a user had created a Notion page that linked to a phishing site that was hosted elsewhere, and it was not flagged,” Ricketts said. “Even in this case, we will usually be notified of the problem by our domain providers before the service is blocked. This time we were not notified. Now that we have a new communication protocol in place, we are confident that this type of problem will not happen again. ”
There are several threads on Reddit that discuss concerns that Notion is being used to host phishing sites, and security researchers have shown examples of Notion being used in active phishing campaigns. A Notion employee said almost a year ago that Notion would “soon” move its domain to
notion.com, which the company owns.
Notion’s outcome is almost identical to what happened to Zoho in 2018, which, like Notion, resort to tweeting at the domain registrar after it blocked
zoho.com after complaints about phishing emails sent from Zoho host email accounts.
Updated with comment from Notion.