Platform Alerts

On December 18, 2025, at 13:02 UTC, an issue in a component of our authentication service resulted in a service degradation for the Anaplan platform. The issue was triggered by a significant surge of traffic, which led to intermittent login failures for customers. Those who were already logged into the platform were unaffected.

The authentication issue may have affected customers attempting to log in to the below regions:

• us1: Data Center - US East
• us2: Data Center - US West
• eu1: Data Center - Netherlands
• eu2: Data Center - Germany
• eu4: Cloud - Europe
• us5: Cloud - US East
• us7: Cloud - US
• ap1: Cloud – Japan

Root cause and resolution

The Anaplan authentication service is comprised of several components. This includes a session policy manager that governs service capacity and protects the platform from overload conditions.

The incident was triggered by a substantial surge of traffic requests from a customer due to a misconfigured testing script. This resulted in the authentication service experiencing traffic volumes many times greater than normal operating levels. This traffic breached the expected traffic levels for our session policy manager. This caused a circuit breaker within the component to open at 13:02 UTC.

The circuit breaker is a safety mechanism designed to protect the system from overload. Its activation had the consequence of blocking some incoming user login traffic, leading to authentication disruption.

Our incident response team immediately began mitigation procedures. This included blocking the suspected IP addresses responsible for the traffic surge. Concurrently, the source of the anomalous traffic was identified, and the automated script was stopped. This allowed our authentication component to return to normal operations, and the circuit breaker was closed. Service fully recovered at 14:05 UTC, which was directly correlated with the cessation of the unusual traffic pattern.

Corrective and preventative actions

We are taking comprehensive steps to strengthen our platform and prevent recurrence.

• We are enhancing our monitoring to generate higher-fidelity alerts. This will ensure we get earlier and more actionable intelligence on anomalous request rates.
• We are optimizing our processes and refining the thresholds for blocking multiple IP ranges at the Web Application Firewall (WAF) level. This will enable more rapid response and mitigation.
• We are strengthening our Web Application Firewall (WAF) rate-limiting capabilities to provide a more robust defense against volumetric traffic.
• We are deploying more granular rate-limiting capabilities. This will enable our platform to automatically isolate and manage high-volume traffic from a single source, ensuring service stability for all other customers.
• We are enhancing the architecture of our authentication components, specifically to improve their ability to scale automatically and withstand sudden traffic surges.

We apologize for the disruption this incident caused to your business operations. We are committed to learning from this event to make our platform more robust and reliable.

If you have further questions or concerns, please visit our Support website. We appreciate your patience during this incident and value the trust you place in Anaplan.