

Update: Note, if this is the first you’re hearing about this attack, then you weren’t impacted. We emailed every single user who logged in during the period of the attack and told them as much.

Important: Most people who received an email from us did not have their accounts compromised! The only way your account was compromised was if your Workflowy password is re-used on other sites. If you use a strong password and don’t re-use it, your account 100% has not been compromised.

As we posted about on our Twitter account, individual Workflowy accounts were recently targeted by an unknown attacker. For people who re-use passwords, we simply do not know exactly which accounts were compromised. This malicious activity initially appeared to be the work of a spammer, but upon further investigation we identified that the real target was gaining access to individual accounts. Workflowy’s back-end systems and infrastructure were not compromised in this attack. While we do not have visibility to the specific tools used by the attacker, evidence from the attack appears consistent with “credential stuffing,” which is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. You can read more about credential stuffing here. We have no way of knowing where the attacker got the credential information used in this attack, but we have identified no evidence that it originated with Workflowy. We also believe that our actions mitigated and ultimately stopped this attack, as further discussed below. Based on our investigation, the attacker targeted a limited number of Workflowy accounts during the attack, and the vast majority of Workflowy users were not impacted. Additionally, because of the nature of the attack, the only accounts impacted are those that a) use passwords for login, and b) use the same password for Workflowy as for other services.

On March 12, we received a flurry of user reports of receiving multiple automated e-mail messages from us regarding their accounts. After an initial investigation, we determined that the activity began on March 10 and appeared to be the work of a spammer. We posted to Twitter to alert users about this. We take our relationship with our users seriously, so we acted promptly based on what was known at the time and communicated what we believed was occurring. We were not initially aware that any user accounts were at risk of compromise. In the following days, we observed user login activity similar to what triggered the flurry of e-mails reported to us on March 12. Because of that previous activity, we were able to quickly identify and act on this attack.

During the attack, we implemented a number of different measures to stop the attacker. We also determined that the attacker was attempting to compromise user accounts through credential stuffing. We will not publicly detail the steps taken because we do not want future attackers to have that information, but some, like our implementation of reCAPTCHA, were visible to users. We saw initial successes with these actions, followed by the attacker making changes and resuming the attack. When other measures did not work, we temporarily blocked all users from logging in to completely halt the attack. During our response, we were able to block the attack for most of the time that it lasted. We also posted to Twitter to alert our users and continued to post updates. On March 19, we were able to stop the attack completely. We are currently continuing to require reCAPTCHA authentication for all logins to prevent this type of attack from happening again. Out of an abundance of caution, we have transitioned all user accounts who logged in during the period of the attack to email-based login codes. If you are one such user and prefer a password, you can reset your password here.

Workflowy is otherwise back to full functionality for our users. We apologize for any inconvenience caused by these temporary changes.
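The login-activity pattern the post refers to, turned into a simple defensive detector, as an added example (not Workflowy's code): it flags sources that try many distinct accounts with mostly failed logins, then lists the accounts such a source nevertheless got into, the set the post says was moved to email login codes. The events, IP addresses and thresholds are constructed.

```python
"""Flag credential-stuffing patterns in login telemetry (added example, not
Workflowy's code; every event, address and threshold below is constructed)."""
from collections import defaultdict

# Constructed login events: (timestamp, source_ip, username, outcome).
EVENTS = [
    ("2021-03-10T09:00:01", "203.0.113.7", "alice", "fail"),
    ("2021-03-10T09:00:02", "203.0.113.7", "bob", "fail"),
    ("2021-03-10T09:00:02", "203.0.113.7", "carol", "fail"),
    ("2021-03-10T09:00:03", "203.0.113.7", "dave", "success"),  # re-used password
    ("2021-03-10T09:00:03", "203.0.113.7", "erin", "fail"),
    ("2021-03-10T09:00:04", "203.0.113.7", "frank", "fail"),
    ("2021-03-10T09:05:00", "198.51.100.20", "alice", "success"),  # normal login
    ("2021-03-10T09:06:10", "198.51.100.21", "bob", "fail"),       # typo, then ok
    ("2021-03-10T09:06:25", "198.51.100.21", "bob", "success"),
    ("2021-03-10T09:07:00", "192.0.2.55", "gina", "fail"),         # too few users
    ("2021-03-10T09:07:01", "192.0.2.55", "hank", "fail"),
]


def stuffing_sources(events, min_users=5, min_fail_ratio=0.8):
    """Return {ip: (distinct_users, attempts, fail_ratio)} for sources whose
    pattern matches credential stuffing: many accounts tried from one place,
    almost all failing because most of the collected passwords are stale."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "fails": 0})
    for _, ip, user, outcome in events:
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        s["fails"] += 1 if outcome == "fail" else 0
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["fails"] / s["attempts"]
        if len(s["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = (len(s["users"]), s["attempts"], round(ratio, 2))
    return flagged


def likely_compromised(events, flagged_ips):
    """Accounts a flagged source logged into successfully: the ones to move
    to email login codes and notify, as the post describes."""
    return sorted({u for _, ip, u, o in events if ip in flagged_ips and o == "success"})


if __name__ == "__main__":
    sources = stuffing_sources(EVENTS)
    print("stuffing sources:", sources)
    print("accounts to notify:", likely_compromised(EVENTS, set(sources)))
```

Thresholds are the tunable part: lowering `min_users` catches slower, more distributed campaigns at the cost of more false positives from shared NATs.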
