[access-uk] AI Squared statement on security.

  • From: "Ibrahim Gucukoglu" <ibrahim_gucukoglu@xxxxxxxx>
  • To: <access-uk@xxxxxxxxxxxxx>
  • Date: Wed, 21 Jan 2015 22:27:52 -0000

Hi Everyone.

Pasted below is a copy of an email received from AI Squared regarding a recent 
security breach, posted for information only. I know no more than is posted 
here.

Ai Squared customers, assistive technology users, and fellow members of the 
blind and visually impaired community,

Normally, you hear me talking about the products that Ai Squared produces. 
Today, I come to you with a completely different message. As you may be aware, 
in the early morning hours of Friday, January 16th, Ai Squared was the victim 
of a cyber-attack.



First, we want to be clear about exactly what happened and what data has been 
exposed. 



A user was able to crack an internal password and used that password to gain 
access to systems in our Indiana office. Through this crack the user was able 
to upload a modified version of the GW Toolkit used in Window-Eyes App Central. 
This version of GW Toolkit broadcast some unfortunate messages mainly to users 
who were automatically updating their Window-Eyes apps. Once we discovered what 
was happening, we immediately shut down external updates to apps and replaced 
the hacked version with a fix. Approximate exposure time was four hours and we 
think the number of users exposed to the messages was minimal.



Unfortunately, the hacker then exploited another password hack that gave them 
access to one of our databases. The database in question held only partial 
transaction records for online purchases of Window-Eyes and related products. 
Since we do not store complete credit card information anywhere in our systems, 
we are confident that there has been no breach of financial data. In addition 
we are monitoring our systems for unauthorized use of any previously issued 
serial number information.



To reiterate, the hacker gained access to the GW Toolkit and a database 
containing a list of online purchases. We have no evidence that they gained 
access to financial/credit card data nor did they access our complete customer 
database.



Here are the steps we’ve taken in the last few days:

  a. We have contacted all the users who have been affected by the intrusion 
to alert them as to what happened. While we don’t believe they will be 
adversely affected, it’s our responsibility to let them know what occurred. 
  b. We have changed all passwords that have access to any and all of our 
internal data. We continue to conduct audits to look for other potential 
security holes. 
  c. We have disabled any updates to App Central until further notice. 
  d. We have reported this data breach to the appropriate authorities. Rest 
assured that they are taking this very seriously and have launched an 
investigation. 

On a personal note: As we are all aware, the blind community faces enough 
challenges to access and employment. These attacks have added to that barrier 
by disrupting our business and the productivity of individuals affected. We 
believe that the perpetrator of these attacks is, in fact, a member of our own 
blind and low vision user community. We call on our community to help bring 
them to justice. Should you have any information, please email us at 
tips@xxxxxxxxxxxxx before another company in the assistive technology industry 
is affected. Let’s work together to stop this type of criminal misbehavior in 
our own community and continue building strong connections among assistive 
technology users.



Thank you,



Jeremy Curry

Director of Product Management
