The error was spotted by privacy-oriented mail provider ProtonMail, which tweeted on September 29, 2020: "There is an ongoing BGP hijacking incident impacting the ProtonMail network. Connectivity to Proton services is being impacted. @Telstra is announcing our 184.108.40.206/24 subnet without authorisation."
In November 2018, Telstra took down part of the Internet in Australia due to a BGP configuration mistake.
"Since we don't have RPKI filtering in our network (yet), we are currently filtering everything with the path '.* 4637 1221$'. This is of course taking a while..."
Some of the routes hijacked by the Telstra BGP error.
Another admin, Sadiq Saif, responded: "My employer's prefixes were affected, I posted about it on the AusNOG list so I could get some assistance. It has cleared up now but it took about two hours or so. I saw AS paths like this from HE's looking glass: 6461x4, 4637x11, 1221. I would love to know what the root cause of the leak was."
Saif's post on the AusNOG list, posted at 6.43pm AEST on Wednesday, read: "Can somebody from Telstra's NOC contact me off list please? Y'all are leaking the following prefixes: 220.127.116.11/24, 18.104.22.168/24, 22.214.171.124/24, 126.96.36.199/24, 188.8.131.52/24. Correct origin is AS32748, not AS1221. I am contacting on behalf of my employer who is a Steadfast customer."
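The two defences mentioned in the quotes above, the stopgap AS-path filter and RPKI origin filtering, can be compared side by side in the following added example, which is not from the article or the quoted admins. The ROA table and prefixes are constructed (documentation ranges) and the function names are hypothetical; AS numbers 6461, 4637, 1221 and 32748 are those named in the posts.

```python
import ipaddress
import re

# Constructed ROA table: (prefix, maxLength, authorised origin AS).
# Prefixes are documentation ranges, not the real ones; AS32748 and AS1221
# are the correct and the leaking origin named in the AusNOG post.
ROAS = [
    ("192.0.2.0/24", 24, 32748),
    ("198.51.100.0/24", 24, 64500),   # AS64500 is a documentation ASN
]

# The stopgap filter quoted above, emulated as a Python regex over the
# space-joined AS path (router regex dialects differ in detail).
LEAK_PATH = re.compile(r".* 4637 1221$")


def rov_state(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "notfound"


def matches_leak_filter(as_path):
    return LEAK_PATH.search(" ".join(map(str, as_path))) is not None


def accept(prefix, as_path, have_rpki):
    """Import decision: drop ROV-invalid routes, or fall back to the path filter."""
    if have_rpki:
        return rov_state(prefix, as_path[-1]) != "invalid"
    return not matches_leak_filter(as_path)


# Constructed announcements: (prefix, AS path as seen by the receiver).
LEAKED = ("192.0.2.0/24", [6461] * 4 + [4637] * 11 + [1221])
LEGIT = ("192.0.2.0/24", [6461, 32748])
TELSTRA_OWN = ("203.0.113.0/24", [6461, 4637, 1221])  # no ROA: 'notfound'

if __name__ == "__main__":
    for name, (prefix, path) in [("leaked", LEAKED), ("legit", LEGIT), ("own", TELSTRA_OWN)]:
        print(name, rov_state(prefix, path[-1]),
              "rpki:", accept(prefix, path, True), "path-filter:", accept(prefix, path, False))
```

The path filter also drops the third announcement, a route that AS1221 originates with no conflicting ROA, which origin validation would accept; that collateral is the cost of the stopgap.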
A third sysadmin, Mark Duffell, wrote that the issue had been fixed at 20.32 UTC on 29 September (6.32am AEST on Wednesday).
ProtonMail added: "To clarify, reading emails is not impacted. Incoming/outgoing mails may be delayed (messages are queued & routed through slower secondary paths). No data is lost or breached. The issue unfortunately lies with @Telstra and must be fixed on that side.
"It appears close to 100 networks (including some large prefixes) are impacted by this @Telstra accident, not just ProtonMail: https://rpki.cloudflare.com/?view=bgp&asn=."
Telstra has not made any media statement or commented about the incident on its own Twitter or Facebook accounts. However, the company responded to the ProtonMail tweets, saying: "Due to a technical error overnight, a number of internet prefixes were incorrectly advertised as Telstra’s. This meant some Internet traffic may have been routed to Telstra incorrectly, although our systems indicate negligible traffic was actually received.
"The overnight change has now been reversed. No emails or data were breached or lost. We’re working with @ProtonMail and other impacted customers to ensure a full recovery of their services."
iTWire contacted Telstra for comment this morning; in response, the company sent a statement which is the same as the reply it issued to the ProtonMail tweets.
In response to a comment from one Andre Teneiro asking if there would be any blog post about the incident in order that others could learn from it, ProtonMail replied: "Unfortunately, there is not much that can be done against BGP hijacking. We already have many measures in place such as alternative routes for email and Web traffic in case of such an incident and tonight did switch to backups which limited the user impact."