The longest duration outage in FibreMax history, what happened, what a DDoS attack is, and what we are doing next.
On Friday 15 May 2026, FibreMax experienced the longest duration service outage in our history.
A number of our hosted services were affected by a significant internet connectivity disruption. This impacted our hosted voice infrastructure and resulted in many FibreMAXfone customers being unable to receive or make calls as normal.
We want to begin by saying that we are sincerely sorry.
We understand that phone services are critical for businesses. When phones are unavailable, customers cannot call, staff cannot communicate properly, bookings can be missed, urgent enquiries can be delayed, and businesses are placed in a very difficult position. We know this was not ideal. We know it was disruptive. We also know that for many of our customers, this outage happened during business hours, when reliable phone service matters most.
This was not the level of service we want any FibreMax customer to experience.
The purpose of this article is to explain what happened, what caused the outage, what a DDoS attack is, how the issue was resolved, and what we are doing to reduce the risk of a similar event affecting customers in the future.
What happened on Friday 15 May 2026.
At approximately 1.00 PM AEST on Friday 15 May 2026, some FibreMax hosted services began experiencing significant internet connectivity issues.
The servers themselves remained operational throughout the incident. The issue was not caused by a failure of the FibreMax phone platform, and it was not caused by customer data, phone system configuration, handsets, routers, or NBN connections.
The issue was with internet connectivity to the hosted infrastructure.
In simple terms, the servers were still running, but many users could not reliably reach them over the internet.
The disruption was caused by a large scale Distributed Denial of Service attack, commonly known as a DDoS attack, targeting the network of our hosting infrastructure provider. According to information provided by our hosting provider, the attack was reported at approximately 400 Gbps.
That is an extremely large volume of traffic.
The attack was large enough to affect the primary upstream carrier used by our infrastructure provider, Superloop. To protect its wider network and other customers, Superloop disconnected our hosting provider network block from its backbone.
That network block included approximately 9,700 IP addresses across 38 network prefixes. Our hosted infrastructure was part of that affected network.
During the incident, partial connectivity was maintained through a secondary upstream provider. This meant some services were reachable at times, but throughput was significantly reduced and connectivity remained intermittent.
This explains why some customers may have seen services briefly return, then drop again, or behave inconsistently during the outage window.
At approximately 6.30 PM AEST, our hosting provider engaged GSL Networks, also known as Global Secure Layer. GSL Networks specialises in high capacity DDoS mitigation at the internet service provider level.
Their infrastructure was able to absorb and filter the attack traffic. This allowed clean traffic to reach the network again and helped restore full connectivity to the hosted services.
All FibreMax phone services were back online by 10.00 PM AEST.
Was customer data at risk?
No.
Customer data was not at risk at any point during this incident.
This was a network level attack. It was not an intrusion into FibreMax systems. It was not a hack of customer accounts. It was not unauthorised access to servers. It was not a data breach.
The attack was designed to overwhelm internet connectivity. Its purpose was to flood the network with traffic so that legitimate users could not reliably reach the hosted services.
While the impact on service availability was significant, there is no indication that customer information, phone system settings, call data, or hosted services were accessed or compromised.
What is a DDoS attack.
A DDoS attack stands for Distributed Denial of Service attack. It is one of the most common forms of large scale internet disruption. The easiest way to understand it is to imagine a business with a front door and a reception desk. Under normal conditions, real customers walk through the door, speak to reception, and get helped.
Now imagine thousands or millions of fake visitors arriving at the same time. They do not want service. They are not real customers. Their only purpose is to crowd the entrance, overwhelm reception, and stop genuine customers from getting through.
That is similar to what happens in a DDoS attack.
Instead of fake people at a front door, the attacker sends massive amounts of fake internet traffic toward a network, server, or online service. This traffic can come from many different locations at the same time, often from compromised computers, servers, or devices around the world. The target then becomes overwhelmed by the volume of traffic. A DDoS attack does not need to break into a system to cause damage. It can cause major disruption simply by making the system unreachable.
That is why DDoS attacks are often described as availability attacks. They are designed to stop legitimate users from accessing a service. Why a DDoS attack can affect many services at once. A large DDoS attack does not always affect only one website or one server.
Modern hosting environments rely on multiple layers of internet connectivity. These include data centres, routers, upstream carriers, internet exchanges, firewalls, and routing systems. When a DDoS attack is large enough, it can overwhelm not only the targeted service, but also the upstream network paths that carry traffic to and from that service.
In this case, the attack was large enough to affect the primary upstream carrier connection used by our hosting infrastructure provider. Because the attack targeted the broader network block, multiple hosted services were affected at the same time. This is why the outage affected reachability to our hosted infrastructure, rather than one single phone system or customer service.
Why phone services were affected.
FibreMAXfone is a cloud based voice service. This means customer phones, mobile apps, and call routing features connect securely over the internet to our hosted voice platform. This is what allows us to provide advanced features such as call queues, voicemail to email, time based routing, IVR menus, mobile extensions, call recording, and remote system management.
Because the platform is hosted, it depends on internet connectivity between the customer device and the hosted voice infrastructure. During this incident, the hosted infrastructure continued running, but the internet path to reach it was disrupted. As a result, many customer phones could not maintain reliable registration to the platform, and calls could not be processed normally.
This is similar to a building with working phones inside, but a major road closure preventing people from reaching the building. The systems were still operating, but the network path to them was affected.
How the issue was resolved.
Once the nature and scale of the attack became clear, our infrastructure provider worked to restore stable connectivity through alternate network paths. During the incident, partial connectivity was available via a secondary upstream provider, however this was not enough to fully restore normal service for all customers. The available capacity was reduced, and the connection remained intermittent.
At approximately 6.30 PM AEST, our provider engaged GSL Networks, a specialist carrier with high capacity inline DDoS mitigation capability.
DDoS mitigation works by identifying and filtering malicious traffic before it reaches the affected network. Instead of allowing all traffic to flood the target, the mitigation provider absorbs the attack traffic, separates harmful traffic from legitimate traffic, and allows clean traffic through. Once GSL Networks was engaged, they were able to provide a clean transit path. This allowed the affected network to become reachable again without being overwhelmed by the attack traffic. As the clean path was established and routing stabilised, FibreMax services progressively returned to normal.
All phones were back online by 10.00 PM AEST.
Our role during the incident.
While the root cause of the outage was outside the direct control of FibreMax, we remained actively involved throughout the incident. We monitored the status of our hosted services. We followed updates from our infrastructure provider. We tested service reachability as connectivity changed. We watched for signs of recovery across customer phone systems. We continued to assess the impact on hosted voice services as network paths were restored.
We also had to make careful decisions based on the information available at the time. During a DDoS event of this scale, there is no instant switch that can simply restore everything immediately. The solution requires upstream carriers, routing changes, filtering, mitigation capacity, and network stability. Some services may partially return before the underlying attack is fully mitigated. That can make the situation appear inconsistent from the customer side, which we know can be frustrating.
We fully understand that customers are not interested in technical explanations when their phones are down. Customers need their services to work. That is exactly why we are taking this incident seriously.
Our apology to customers.
We sincerely apologise to every FibreMax customer affected by this outage. We understand the position this placed many businesses in. For a business, phone service is not just a technical service. It is a connection to customers. It is bookings, sales, support, urgent calls, and day to day operations.
We know that when phones do not work, it can create stress for owners, managers, reception teams, support staff, and customers trying to get through. Even though the incident was caused by a large scale attack on our hosting provider network, and not by a direct failure within the FibreMax phone platform, we are still responsible for the service experience we provide to our customers.
We take that responsibility seriously.
What we are doing next.
We are working with our hosting and network partners to review additional measures that can reduce the risk of a similar incident affecting FibreMax services in the future. This includes reviewing additional failover options, upstream network diversity, DDoS protection arrangements, routing resilience, and business continuity planning for hosted voice services.
The goal is to improve our ability to maintain service availability even when a major upstream network provider is affected.
We are also reviewing how we communicate during major service events. During an outage, customers need timely, clear, and practical updates. We want to continue improving the way we provide information during incidents, especially when the issue is outside our direct infrastructure but still affects customer services.
No provider can honestly promise that large scale internet incidents will never happen. The internet is made up of many interconnected networks, carriers, hosting providers, routing paths, and infrastructure partners.
What we can promise is that when issues happen, FibreMax will act quickly, communicate as clearly as possible, work with the right technical partners, and do everything within our power to restore services as quickly as possible.
Final update.
The incident began at approximately 1.00 PM AEST on Friday 15 May 2026.
The cause was a large scale DDoS attack targeting the network of our hosting infrastructure provider.
The attack affected the primary upstream carrier path, resulting in major internet connectivity disruption to our hosted services.
Customer data was not at risk.
No FibreMax systems were accessed or compromised.
All FibreMax phone services were back online by 10.00 PM AEST.
We apologise again to every customer affected.
This was the longest duration outage in the history of FibreMax, and we are treating it as a serious event. We are working with our partners to strengthen resilience, improve failover capability, and reduce the impact of similar network level incidents in the future.
