Customer Services
We are investigating an elevated error rate within our support ticketing systems. Customers may experience failed support case functions when attempting to generate a support case from Support Chat systems. We ask that customers email Support teams at support@fastly.com to ensure no delays.
Our network availability and all other services are unaffected.
Status Post, Created Date/Time: 2025-10-20 08:21:47 UTC
Note: Our Customer Escalation Management team will update the start date and time of this status post upon the resolution of this incident. This update is meant to provide our customers and their end users with a potential impact window. The date and time mentioned in the message above indicates when the status post was requested by our Acute Incident Response team.
Our engineers believe they have identified contributing factor causing the issue impacting the Support Ticketing System status page component.
We will post a new update once it has been fully implemented and we see signs of recovery.
All other products and services are unaffected by this incident.
Engineering has confirmed the impact to our Support Ticketing System has been mitigated.
Due to the recent implementation of a new billing system, you may experience a delay in receiving your invoice for September 2025. We are committed to prompt and accurate billing and apologize for any inconvenience this may cause.
What’s next? What do I have to do?
Fastly's support team will contact affected customers with more details during North America business hours on Monday, the 6th of October 2025.
On the 6th of October, if you have not yet received your invoice and have not been contacted by us through the notifications center in the Fastly User Interface (UI), please email our Billing Support team. We will work with you to resolve any issues.
For other questions or concerns, please contact our Support team or reach out to your designated account team members.
Starting on the 15th of September 2025, Fastly will strengthen how password expiration is enforced for organizations with PCI password requirements enabled. Users
with expired passwords
will be prompted to set a new password at their next login.
What’s Changing?
This change in our system's behavior ensures that all customers who have enabled PCI (Payment Card Industry) password requirements will experience consistent and robust enforcement of password expiration policies. This update is crucial for maintaining the highest security standards and compliance with industry regulations.
By aligning user login behavior with established security best practices and compliance standards, we are taking a proactive step to safeguard sensitive data and enhance overall system integrity. This consistency in password expiration helps to mitigate risks associated with stagnant or compromised credentials, thereby protecting both our customers and their valuable information
What’s next? What do I have to do?
Users with expired passwords will need to perform a password reset when logging in.
Contact Information
Customers with any questions or concerns may engage with our Support team by emailing support@fastly.com .Fastly was impacted by the recent security incident involving Salesloft's Drift application. We have investigated and notified all Fastly customers affected. This incident was isolated to our Salesforce instance and did not impact any Fastly services, infrastructure, or products. This post includes a summary of our response and the customer outreach we’ve performed.
What Happened
Between August 13 and August 18, 2025, a threat actor (tracked as UNC6395 by Google Mandiant) exploited stolen OAuth tokens tied to the Drift integration to gain unauthorized access to Salesforce instances across many companies, including Fastly. The incident was contained on August 20, 2025 when Salesloft and Salesforce disabled the integration. We immediately began our own investigation, confirming that the malicious activity was isolated to our Salesforce instance and the data accessed was limited to case subjects, descriptions, and contact details.
What We Did Immediately
After confirming containment, our security team took the following actions:
Reviewed Salesforce audit logs for anomalous activity.
Analyzed and removed other active Drift integrations out of an abundance of caution, confirming only the Salesforce integration was impacted.
Reset OAUTH sessions by re-authenticating the integration account.
Coordinated with Salesforce to verify containment and extract details not contained in audit logs.
Analyzed query activities by the threat actor to identify the compromised data.
What You Can Do
We recommend customers rotate any credentials previously shared with Fastly in a support case. Additionally, to protect against potential follow-up attacks, please be cautious of unsolicited emails, calls, or requests for sensitive information. Remember, Fastly will never ask for your passwords or credentials.
Customer Notifications
We have distributed Fastly Service Advisories to impacted parties as of September 4. Fastly customers with superuser access on impacted accounts should have received an email notification of a new message in their Fastly control panel Message portal or a direct email from support@fastly.com. All other users on the impacted accounts will have received a Fastly Service Advisory to the Message portal within their control panel, and can view it upon their next log-in.
Customers who have not received a Service Advisory were not identified in our investigation as being impacted. If you have questions, please email support@fastly.com.
Due to the recent implementation of a new billing system, you may experience a delay in receiving your invoice for August 2025. We are committed to prompt and accurate billing and apologize for any inconvenience this may cause.
What’s next? What do I have to do?
Fastly's support team will contact affected customers with more details during North America business hours on Thursday, 4th of September 2025.
On the 5th of September, if you have not yet received your invoice and have not been contacted by us through the notifications center in the Fastly User Interface (UI), please email us at billing@fastly.com. We will work with you to resolve any issues.
For other questions or concerns, please contact our Support team at https://support.fastly.com or reach out to your designated account team members.
To offer feedback on our status page, click "Give Feedback"
On the 26th of August 2025, we released an update to the VCL Editor in the Fastly Control Panel. This release unified Snippets, Custom VCL, and Complete VCL into a single, modernized view.
What has Changed
This update introduced several improvements:
Modernized Code Editor: Enjoy a smoother coding experience with syntax highlighting, error checking, and code folding.
Full-Screen Mode: Expand the editor to easily read, edit, and review complex VCL.
Unified VCL View: Manage VCL Snippets, Custom VCL, and Complete VCL in one place to simplify your workflow.
Editable Dynamic Snippets: Add and edit Dynamic Snippets directly in the UI.
Boilerplate Insertion: Insert boilerplate code directly from the Custom VCL view.
Auto-Generated Code: Reduce manual effort by automatically generating standard VCL functions and variables.
To learn more about these changes, please see our documentation: About VCL snippets and Using VCL snippets.
What’s next? What do I have to do?
No action is required.
Contact Information
If you have any questions, please contact our Support team at https://support.fastly.com or reach out to your account team.As part of Fastly's ongoing global network expansion, we are announcing the addition of our new data centers in Madurai (IXM) and Delhi (QAG).
These facilities will initially launch as a limited availability deployment on the 19th of August, 2025, meaning not all customer traffic will be routed through this new location during this initial phase.
Our estimated duration is 4 hours, starting at 18:00 UTC on Aug-19th.
When this change is applied, customers may observe additional origin traffic as new cache nodes retrieve content from origin. Please verify that your origin access lists allow the full range of Fastly IP addresses [Public IP List | Fastly Documentation].
Customers with any questions or concerns may engage with our Support team through [Fastly Support] or by contacting your designated account management team members.
We're happy to announce that the Madurai (IXM) and Delhi (QAG) data centers have been successfully moved from its initial limited availability phase to general availability. As of September 25, 2025, all customer traffic will now be routed through this location.
To offer feedback on our status page, click "
Give Feedback
"
On the 13th of May 2025, Fastly received a pre-release report detailing a distributed denial of service (DDoS) vulnerability called MadeYouReset (CVE-2025-8671). Fastly implemented a fix for this vulnerability in release 25.17 of Fastly’s internal fork of H2O. The fix was deployed and fully implemented across Fastly on the 2nd of June 2025.
Vulnerability Details
The MadeYouReset vulnerability (CVE-2025-8671) was publicly disclosed on the 13th of August, 2025. This vulnerability exploits the same HTTP/2 protocol implementation flaw that was used in Rapid Reset (CVE-2023-44487). The MadeYouReset vulnerability existed in the upstream H2O repository and also in Fastly’s forked version of H2O. In addition to ensuring our forked version of H2O was patched, Fastly Engineering coordinated with the original vulnerability researcher to proactively patch the upstream repository and resolved the core issue. This ensured the fix is available across all environments that rely on the open source implementation of H2O.
For more information about this vulnerability and its upstream fix in H2O, please see:
What’s next? What do I have to do?
No customer action is required. The fix has been applied across Fastly.
Customers with any questions or concerns may engage with our Support team through https://support.fastly.com or by contacting your designated account management team members.
We're investigating possible performance impact affecting the Support Chat System.
Customers may experience failed support case functions when attempting to generate a support case from Support Chat systems. We ask that customers email Support teams at support@fastly.com to ensure no delays.
We have identified the source of the performance impact to our Support Chat System as an issue with our third-party service provider. We are in active communication with the vendor, and they are working on a resolution.
For the latest updates on their mitigation efforts, please refer to their status page: https://status.ext.foqal.io/statuspage/foqal/1257223
In the meantime, we recommend customers continue to email support@fastly.com for any support needs to ensure there are no delays.
We have confirmed that the performance impact to our Support Chat System that originated with our third-party service provider has been mitigated.
Engineering has confirmed that Support Chat System has been fully restored. Customers may have experienced performance degradation from 12:55 to 18:01 UTC.
For more details regarding the incident with our third-party service provider, please refer to their status page: https://status.ext.foqal.io/statuspage/foqal/1257223
This incident is resolved.
To offer feedback on our status page, click " Give Feedback "
Status Post, Created Date/Time: 2025-08-08 16:40:52 UTC
Note: Our Customer Escalation Management team will update the start date and time of the initial "investigating" status post upon the resolution of this incident. This update is meant to provide our customers and their end users with a potential impact window. The date and time mentioned in the message above indicates when the status post was requested by our Acute Incident Response team.
On the 18th of July, 2025, Fastly was made aware of a new HTTP/1.1 desync attack vector. Our security response engineers immediately initiated a thorough internal investigation, which determined that the Fastly platform is
not vulnerable
to this attack vector.
On the 21st of July, to validate our findings, we collaborated with the third-party researcher who discovered the attack vector. In this process, we confirmed that no Fastly-hosted endpoints were flagged as vulnerable during their research. The researcher noted that "Fastly seems to be relatively robust against desync attacks."
For additional due diligence, our Engineering teams also reviewed a preview of the full whitepaper on 28th of July, which further confirmed our conclusions.
You can read more about their research here: [ The Desync Endgame Begins by James Kettle from PortSwigger Research ]