Zoho pulled offline after phishing complaints, CEO says

Zoho.com was pulled offline on Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said.

The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.

In an email to TechCrunch, Zoho boss Sridhar Vembu said that TierraNet “took our domain down without any notice to us” after receiving complaints about phishing emails from Zoho-hosted email accounts.

In doing so, thousands of businesses that rely on Zoho for their operations couldn’t access their email, documents and files, and other business-critical software during the day. Zoho counts Columbia University, Netflix, Citrix, Air Canada and the Los Angeles Times as customers.

“They kept pointing us back to their legal, even when I tried to call their senior management,” said Vembu in the email.

Zoho.com was back up and running hours later, but at the time of writing, service to the site is spotty — likely due to the slow nature of domain name resolving. It may take hours or days for the site to be fully restored across the globe.

Vembu said that TierraNet received three complaints about Zoho-hosted email users in the past two months, which resulted in the domain blocking. He also tweeted about the incident to try to inform users of the domain blockage.

“We resolved two of them by suspending the accounts, and one is under investigation,” he said.

“We host tens of millions of accounts, and this is sad that our entire domain gets taken down for three complaints,” he said. “We are actively working to move our domain registration to another provider.”

It’s not unusual for companies like Zoho, or rivals like Microsoft and Google, to be used by malicious actors to host phishing sites or send phishing emails to unsuspecting victims. But companies typically work to limit malicious use — even if it’s near impossible to stamp it out completely.

TierraNet has so far remained silent on the issue. Several tweets showed TierraNet customer support agents apparently confirming Vembu’s version of events.

We reached out to TierraNet for comment but didn’t hear back at the time of writing. If that changes, we’ll update.