• DDoS - what is it and what should I do?

Hi bunqers,

All bunqers have shared their interest and support - when we have suffered from a DDoS 🚨 - for which we're very grateful! We figured it would be nice to give you a behind the scenes look and provide you with some context on what we do to fight these attacks, especially if they are persistent.

Over the last couple months we've experienced some downtime and updated you about this on every single occasion. Realistically, every company faces these kind of issues. It might come across as it affects us more however instead of displaying a general outage message, we prefer to be transparent. We choose to openly communicate if there is anything that might interfere with a seamless experience 📖. The total of these minor glitches has been below average and has mainly been because of DDoS attacks that are unrelated to the safety of our infrastructure.

You could compare a DDoS (distributed denial-of-service) attack with a traffic jam at the end of a concert; everybody is trying to get onto the same street all at once 🚍🚗🚕🚙🚌. The attack is clogging up the highway, preventing regular traffic from arriving at its destination 🏡. This means that the infrastructure is still there and not broken, however you're having a harder time to get through.

We have filtering in place for when this happens, this filtering should automatically kick in when we face high amounts of traffic. This is equivalent to removing cars from the highway - especially if they appear to be making things worse 🚗🚙. Most of our users should be unaffected when this happens - but as the filtering looks for repeated activity, sometimes it mistakes continuous requests to repeat the same task (e.g. checking in the app) as a potential attack 🚨.

If after 2 or 3 failed attempts, you still can't access the app, you can always check the latest status on our Twitter account - we always make sure to update our timeline as fast as possible 🚁. You can of course, find more in depth updates here on Together or send us an email during downtime for personal matters (support@bunq.com).

If you have any comments or further questions, please feel free to post them below 💪


- Rob

    Thanks for the information and transparency again

      Clear story! Keep up the good work! 👍

        Well the traffic jam at the end of a concert is a legit traffic but a ddos is not. I wish you guys really have shared what happened.

          Hey Arvin,


          Absolutely correct! We can definitely handle the concert jam (the days before christmas went just fine).

          It's a DDoS that is the issue here, full of non-legitimate traffic.

            Write a Reply...