Progress Software restored access to its ShareFile platform July 12 for customers affected by a security-related shutdown but told them to keep customer-managed file storage servers offline while it investigates.
The affected servers allow organizations to store data in their own environments rather than entirely in Progress’ cloud. The Massachusetts-based business software company has not said how many customers were affected.
In a July 10 notice reviewed by DysruptionHub, Progress said it had identified a “credible external security threat” targeting ShareFile Storage Zone Controllers. The company temporarily disabled access for affected accounts and instructed customers to shut down the servers hosting the controllers as a precaution.

ShareFile’s public status page reported at 12:12 p.m. EDT that day that the service was not operational for those customers and that the issue was under investigation.
In the notice, Progress said it had no indication of unauthorized access to ShareFile accounts or data. It said internal and outside cybersecurity experts were assessing the threat.
Progress told SecurityWeek on July 13 that it had notified all affected customers by 5 p.m. EDT July 12 that their ShareFile cloud access had been restored. The company said the controllers must remain turned off while the investigation continues.
“At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat,” Progress said in the statement.
ShareFile’s public status page still listed the incident as unresolved July 13 and showed the July 10 investigation notice as its latest update, despite Progress’ statement that cloud access had been restored.
Progress has not disclosed what triggered the warning, whether a vulnerability was exploited, how many customers were affected or when the controllers can be restarted. It has not confirmed an attack type, threat actor, data theft or ransom demand.
In 2023, attackers widely exploited a zero-day vulnerability in Progress’ separate MOVEit Transfer product. The Cybersecurity and Infrastructure Security Agency attributed that campaign to the Clop ransomware group. No source reviewed by DysruptionHub has linked the MOVEit campaign to the ShareFile warning.
Customers can access the ShareFile cloud service, but Storage Zone Controllers must remain offline until Progress completes its investigation or issues new instructions.