On April 15th at approximately 23:30 CDT, Pushover's API servers came under a DNS amplification Distributed Denial of Service (DDoS) attack which caused them to be unreachable by their IPv4 addresses, though they were still reachable over IPv6.

This attack persisted through the morning of the 16th. At 01:55 we began rerouting traffic for api.pushover.net through a 3rd party DDoS mitigation company and we are once again receiving API requests (IPv4 and IPv6).

Unfortunately at this time, we are unable to receive e-mail notifications through our E-Mail Gateway for legacy USERKEY@api.pushover.net addresses, though our @pomail.net addresses are working.

At no point during this attack were any servers compromised or any data exposed. This was purely a resource exhaustion attack intended to take our service offline.

We are continuing to monitor the attack and are taking steps to mitigate its effect on our service. We will update this post with any further news.

Update 2020-04-16 16:30 CDT: The attack is still persisting, but as we are routing our API and dashboard through our 3rd party DDoS mitigation service, we are continuing to receive notification requests and send them out mostly without incident. We will continue to provide more updates here as needed.