Marketo customers shut out after vendor fails to renew Web domain
- 27 July, 2017 12:05
Marketo’s CEO, Steve Lucas, has issued an apology to the vendor’s global customers after they were shut out of Marketo’s core application due to a failure to renew its main domain name registration.
A spokesperson for the company confirmed that on the morning on 25 July PST, Marketo Web domains experienced access issues with the vendor’s DNS that affected all Marketo instances. This issue prevented customers from logging into its core application and impacted thousands of websites running Marketo for their marketing capabilities globally.
The outage stemmed from an oversight to auto renew the vendor’s domain name registration for its main URL, Marketo.com. This led to a series of issues which Lucas attributed to a combination of human and process error. The company owns thousands of domain name properties.
The spokesperson told CMO the issue did not affect product performance and that staff acted immediately to remediate the problem. However, because of the nature of domain name resolution issues, Marketo warned global customers it could take up to 24 hours for the problem to propagate and be rectified.
“While the propagation of the Marketo domain started early on the morning of July 25, completion will vary depending upon local propagation settings,” the spokesperson told CMO. “We expect most customers to have access to the Marketo.com domains shortly.”
In his email to customers, Lucas said the vendor’s core application continued to operate in the background throughout the problem, and assured customers that data was never at risk during the outage.
“While our global support team in Ireland was working with our DNS registrar in the very early morning hours, members of our customer and partner community helped pinpoint specific issues that aided us significantly,” he stated. “While this does not absolve market of responsibility for this serious situation, I would like to thank the individuals who assisted us.”
Lucas has now commissioned a detail review of internal operating procedures on a number of fronts to ensure Marketo has fail-safe protocols in every area of the business.
“Additionally, I’ve addressed the company internally and while the issue with the registration is largely resolved, I have nonetheless emphasised the gravity of what occurred and extended a call to action for more precision in our operation,” he said.
“I want to be completely transparent with you [as customers] on what happened and assure you that it won’t happen again.”
Digital threat management provider, RiskIQ, was quick to point out discovery of the issue after its RiskIQ Community portal became extremely slow to load and launched a workaround to solve the problem.
In a blog post, RiskIQ said the avoidable issue is one that happens all too often to organisations. According to RiskIQ data, there are at least 18,000 websites around the world running Marketo behind their websites.
“What causes a domain with a registration history of several years to all of a sudden lapse into renewal? Simple: A lack of digital footprint management,” RiskIQ stated. “In this case, the primary company domain failed to renew by the staff and was simply transferred to a holding location until it was bought back.
“Fortunately for Marketo, it appears they recognised their mistake, but what would have happened if their domain was registered by a malicious actor? What if all the websites using market began delivering malware?”
Setting the domain to auto-renewal is one way to know infrastructure is safe, but beyond that, RiskIQ recommended having a solid understanding of externally facing digital assets.