Know what to do when something breaks.

Practical playbooks for common business failures. Prepare before an incident, or open the recovery checklist when it has already happened.

Risk landscape

Where failures tend to land

The library spans six operational areas. Use this map to find the parts of the business with the most recovery paths to prepare.

CriticalSeriousDisruptive
Number of DisasterLab playbooks in each category, segmented by severity

Incident library

Playbooks for common failures

50 playbooks

Vendorcritical

App removed from an app store

A mobile app or developer account is rejected, removed, or suspended, blocking new installs, updates, billing, or discovery.

Infrastructureserious

Background jobs stop processing

Queued emails, imports, billing actions, webhooks, or other asynchronous work is delayed or frozen.

Datacritical

Backups will not restore

Backups exist, but they are missing, corrupt, incomplete, encrypted, incompatible, or too slow to use.

Accesscritical

Business email compromised

An attacker may read mail, reset other accounts, impersonate the business, or redirect payments.

Vendorserious

CI/CD provider outage blocks releases

Builds, tests, package publishing, or deployments cannot run through the normal automation provider.

Accesscritical

Cloud account compromised

An attacker may control cloud identities, infrastructure, data, logs, or the account's billing and recovery settings.

Infrastructureserious

Cloud quota exhausted

A provider limit prevents new requests, instances, storage, messages, builds, or other critical resources.

Infrastructurecritical

Cloud region outage

A cloud region or availability zone hosting critical workloads becomes unavailable or severely degraded.

Peopleserious

Contractor disappears

A contractor becomes unreachable while retaining access, knowledge, devices, code, data, or ownership of critical services.

Vendorserious

Critical SaaS provider outage

A provider your product or operations depend on is unavailable, degraded, or losing data.

Infrastructureserious

Critical scheduled job silently stops

A cron task or scheduler no longer runs backups, renewals, reports, cleanup, billing, or synchronization.

Vendorcritical

Critical vendor shuts down

A provider announces closure, ends your product, terminates service, or gives a short migration deadline.

Accesscritical

Customer accounts under credential-stuffing attack

Automated attackers are testing stolen username and password pairs against customer accounts.

Datacritical

Customer receives another customer's data

An export, report, attachment, or support response exposes one customer's information to another.

Moneycritical

Customers charged twice

A retry, webhook, race condition, import, or operator action creates duplicate customer charges.

Infrastructureserious

Database connections exhausted

The application cannot obtain database connections, causing requests, jobs, and administrative access to stall.

Infrastructurecritical

Database migration fails mid-release

A schema or data migration partially applies, blocks traffic, corrupts records, or leaves old and new code incompatible.

Infrastructurecritical

DDoS attack overwhelms the service

Malicious traffic exhausts bandwidth, connections, compute, or expensive application operations.

Infrastructurecritical

DNS change takes the business offline

Incorrect nameservers or DNS records make the website, API, email, or verification services unreachable.

Infrastructurecritical

Domain expired or lost

Your domain no longer resolves, has left your registrar account, or is registered to someone else.

Datacritical

Encryption key lost or unusable

Encrypted customer data, backups, or infrastructure cannot be decrypted because the required key is missing or inaccessible.

Peoplecritical

Former team member still has access

Someone who no longer works with the business can still reach accounts, code, data, devices, or customer systems.

Peopleserious

Founder unavailable for two weeks

The only person with critical authority, access, or knowledge cannot work or communicate.

Accesscritical

GitHub organization compromised

An attacker may control an owner account, repositories, Actions, apps, or credentials connected to your GitHub organization.

Accessserious

Laptop lost or stolen

A work laptop containing sessions, source code, customer data, or recovery credentials is missing.

Infrastructureserious

Launch produces 20× expected traffic

A launch, mention, campaign, or attack sends far more legitimate traffic than the system was designed to handle.

Accessserious

MFA device lost or broken

The phone or security key used to approve critical logins is unavailable, damaged, or stolen.

Infrastructureserious

Monitoring and alerts go blind

Logs, metrics, traces, uptime checks, or alerts stop reporting while production continues to run.

Vendorserious

Newsletter provider closes the account

Your newsletter account is suspended, disabled, terminated, or inaccessible before an important send.

Accesscritical

Package registry account compromised

An attacker may be able to publish malicious versions of packages your customers or systems install.

Accesscritical

Password manager locked out

The vault containing business passwords, recovery codes, and secure notes is unavailable or cannot be unlocked.

Moneycritical

Payment webhooks stop processing

Payment events are delayed, rejected, or ignored, leaving orders, subscriptions, and access out of sync.

Datacritical

Private data appears in a public repository

Customer information, credentials, internal documents, or private source code were pushed to a public repository.

Datacritical

Private storage bucket becomes public

Files intended for restricted access can be listed or downloaded without proper authorization.

Accesscritical

Production API key leaked

A credential that can read data, spend money, send messages, or control production has been exposed.

Datacritical

Production data deleted

Records, files, tables, or an entire production database were deleted or overwritten.

Datacritical

Production database corrupted

Production records still exist but values, relationships, indexes, or internal storage are no longer trustworthy.

Infrastructureserious

Production deploy breaks the site

A release causes errors, missing pages, failed checkouts, corrupt writes, or unexpected customer behavior.

Datacritical

Ransomware or destructive malware

Systems or data are encrypted, stolen, deleted, or held for payment by a malicious actor.

Datacritical

Sensitive data appears in logs

Passwords, tokens, payment details, personal data, or private content are being recorded in application or vendor logs.

Vendorcritical

Software dependency compromised

A library, container, plugin, action, SDK, or build dependency may contain malicious or unauthorized code.

Moneycritical

Stripe payouts frozen

Stripe is still collecting money, but payouts are delayed, paused, failed, or restricted.

Moneycritical

Sudden wave of chargebacks

Disputes rise sharply because of fraud, customer confusion, service failure, or an organized abuse campaign.

Peopleserious

Team member leaves without a handover

A key person departs before transferring ownership, context, credentials, work, or recurring responsibilities.

Infrastructuredisruptive

TLS certificate expired

Browsers or API clients reject your site because its HTTPS certificate is expired, invalid, or issued for the wrong name.

Vendorserious

Transactional email stops arriving

Login links, receipts, alerts, invitations, and account messages are rejected, delayed, or sent to spam.

Moneycritical

Unexpected cloud bill

Cloud, AI, storage, bandwidth, or API spending rises far beyond the expected amount.

Vendorserious

Vendor API changes without warning

A third-party API changes behavior, authentication, fields, limits, or versions and breaks a critical workflow.

Infrastructurecritical

Website hacked

An attacker may have altered your site, stolen data, installed persistence, or gained access to connected systems.

Infrastructureserious

Wrong feature flag enabled in production

A hidden, unfinished, risky, or destructive code path is activated for the wrong customers or environment.

No playbooks match that search.

How it works

A small plan you can use under pressure

01

Choose the incident

Start with the system, provider, or person that is creating the risk.

02

Prepare or recover

Use the readiness checklist beforehand or follow urgent actions in order.

03

Verify control

Finish with observable checks that prove the business is actually recovered.