On theevening of Tuesday,24 February 2026
What Is a DDoS Attack?
DDoS stands for Distributed Denial of Service. It is one of the most common forms of cyber attack on the internet today. Banks, government websites, large corporations, and internet service providers around the world face these attacks regularly.
Think of it this way: imagine thousands of people simultaneously trying to walk through one door at the same time. Nobody can get through — not the attackers, and not the legitimate people who actually need to enter. The door itself is fine, but the sheer volume of people blocking the entrance makes it unusable for everyone.
The attacker does not “hack” into the system or steal data. Instead, they use a network of thousands of compromised devices — often home routers, smart TVs, security cameras, and other internet-connected devices that have been infected with malware without their owners knowing — to send a flood of fake traffic to the target.
Our analysis confirmed that thousands of compromised devices from around the world were used in this attack.
How It Affected Our Customers
For an ISP like 123NET, a DDoS attack has a particularly devastating effect. Unlike a website that simply becomes slow, an ISP’s upstream internet links can become completely saturated, meaning all customer traffic is affected — not just traffic to our own website.
During the attack, customers experienced:
- Slow or no internet connectivity
- Inability to access the customer portal
- Intermittent service throughout the following day
Normal internet traffic — web browsing, streaming, video calls, work applications — could not get through because the flood of attack traffic filled up the same internet pipes that carry all customer data.
We understand how frustrating this is, especially for customers who rely on their connection for work, education, and daily life. We sincerely apologise for the inconvenience.
📊 Timelineof Events
- Tuesday, 22:00 — Attack begins. Our monitoring systems detect abnormal traffic patterns. Instead of normal customer traffic levels, inbound traffic drops to near zero as upstream links become saturated.
- Tuesday, 22:00 – 23:00 — The attack intensifies. Both our web services and network infrastructure are targeted simultaneously.
- Wednesday, ~01:30 — Engineering team begins active mitigation. Upstream provider coordination initiated, however response times are slow due to the late-night hour.
- Wednesday morning — DDoS protection measures activated. Continued coordination with upstream providers.
- Wednesday, ~16:30 — Full service restored. Additional security measures deployed.
Was AnyCustomerData Compromised❓
No. A DDoS attack blocks access to services but does not breach security. No customer data was accessed, stolen, or compromised during this incident. Your account details, payment information, and personal data remained secure throughout.
⚡ IsThisa Force Majeure Event?
Yes. A deliberate DDoS attack constitutes a force majeure event — unforeseeable circumstances caused by the intentional, malicious act of an external party, which is beyond our reasonable control.
While we invest continuously in network protection and monitoring, no internet provider in the world can guarantee complete immunity from large-scale DDoS attacks. This is an industry-wide challenge that even the largest global networks face regularly.
📋 WhatWeAre Doing About It
In response to this incident, we have taken the following steps:
- DDoS protection activated — our web services are now protected by industry-leading DDoS mitigation, which filters malicious traffic before it reaches our infrastructure
- Automated monitoring deployed — we have built automated systems that detect traffic anomalies and can respond within minutes, rather than waiting for manual intervention
- Firewall rules strengthened — access controls have been tightened at both the application and network level
- Forensic analysis completed — we have identified the attack pattern and preserved all evidence
- Abuse reports filed — we are working with international hosting providers to shut down the compromised infrastructure used in the attack
📋 TheInvestigation
Our engineering team has completed a detailed forensic analysis of the attack. All evidence has been preserved and documented.
We are cooperating with relevant parties, and all forensic data is available for any potential legal proceedings.
Frequently AskedQuestions❓
Was my personal data exposed?
No. DDoS attacks block access to services but do not breach security. No customer data was accessed, stolen, or compromised.
Will I be credited for the downtime?
Customers who experienced extended downtime may contact our support team to discuss credit adjustments on a case-by-case basis.
Could this happen again?
While no internet provider can guarantee complete immunity from DDoS attacks, the measures we have put in place significantly reduce both the likelihood and the potential impact of future attacks. Our new automated systems can respond in minutes rather than hours.
Who was behind the attack?
The investigation is ongoing. All evidence has been preserved for any potential legal proceedings.
Should I change my password?
It is not necessary as a result of this incident, but it is always good practice to use strong, unique passwords and to change them periodically.
Contact Us
If you have any questions or concerns about this incident, please do not hesitate to reach out:
- Support: [email protected]
- Phone: 021 300 1662
- Customer Portal: 123net.co.za/portal
We appreciate your patience and continued trust in 123NET. Keeping your internet service reliable and secure is our top priority, and we are committed to learning from this incident to serve you better.
— The 123NET Engineering Team
