Attempted Data Breach Information

    • Moderator
    • 3741 posts
    October 22, 2019 5:29 AM EDT

    Hello,

    For as long as we have been making software for community builders we, at SocialEngine, have always made client security a top priority.  We do our best, not only to build a platform safe for your communities but also to defend your private data. We believe data privacy is of the utmost importance and for this reason, we are notifying clients and experts of an attempted data breach. We want to state very clearly and emphatically that the breach was unsuccessful and no data was retrieved. However, as we have a specific policy for attempted access to restricted areas, we’ve had to take action to protect our data and enforce our policies.

    Recently, we became aware of several attempts to access client and expert data via specific queries. We were able to block every attempt made and our investigation led us to the origination of the attempted breach. We took swift action to prevent any further attempts.

    Our investigation has revealed that this attempted breach was originated by the third-party expert SocialEngineAddOns and during the investigation and recovery period, we temporarily suspended their account until Nov. 3. In our discussions with their parent company, BigStep Technologies, they also tracked down from where the issue originated and have taken action on their end to prevent any further attempts. We are happy to say we have been able to work together to resolve this.

    We opted for a temporary suspension over the termination because they conducted their own investigation and had no knowledge their developer had attempted a breach, they had never attempted such action before, and they’ve made assurances it will never happen again. Also, because no data was retrieved and all attempts were unsuccessful, there have been no damages to our clients, experts or our company.

    For clients who purchased SocialEngineAddOn products from our store, please contact SocialEngineAddOns directly at their website for plugin downloads until the suspension is lifted. Please feel free to contact our support if you are unable to show proof of purchase and we’ll do whatever we can from our end to get you the info.

    We would like to end this message by thanking each and every SocialEngine client and the third-party experts who work tirelessly and in an ethical manner to provide top-notch software which truly makes this ecosystem great. We look forward to continuing to grow the platform and the ecosystem with your help!

    Respectfully, The SocialEngine Team

    • 248 posts
    October 23, 2019 2:16 PM EDT

    We appreciate the SocialEngine Team for patiently working with us on this.

    The SocialEngineAddOns team has also published a blog post on our SocialEngineAddOns.com website to provide you with more details on this: 'Incidents of API Calls to SocialEngine.com Website's Backend'.

    You can refer to this blog post: https://www.socialengineaddons.com/content/incidents-of-api-calls-to-socialengine-website-backend

    We again thank Donna and the SocialEngine team.

    SocialEngineAddOns Team

    • 190 posts
    October 28, 2019 6:00 PM EDT

    Whilst I'm very happy these attempts were blocked, this is the second time in as many months SEAO has been associated with a data breach.

    Referring back to a conversation I had with Donna and SEAO through emails of one of their developers inviting me to join LinkedIn. At the time I thought this was an invite to connect but after an investigation on my side my only LinkedIn account uses my work email and not my personal email and this invite was directed towards my personal email. 

    I'd question the security of the data currently held by SEAO as this second association brings questions for me. 

    • Moderator
    • 3741 posts
    October 30, 2019 5:54 AM EDT
    PeppaPigKilla said:

    Whilst I'm very happy these attempts were blocked, this is the second time in as many months SEAO has been associated with a data breach.

    Referring back to a conversation I had with Donna and SEAO through emails of one of their developers inviting me to join LinkedIn. At the time I thought this was an invite to connect but after an investigation on my side my only LinkedIn account uses my work email and not my personal email and this invite was directed towards my personal email. 

    I'd question the security of the data currently held by SEAO as this second association brings questions for me. 

    Did they ever resolve how they got your business LinkedIn account?

    • 190 posts
    October 30, 2019 6:02 AM EDT
    At first it was denied and insinuated I contacted them for support through LinkedIn. It wasn’t until I showed screenshots of the invite to join LinkedIn by their employee that they accepted responsibility, but all that was said is it won’t happen again.
    • 248 posts
    October 30, 2019 8:44 AM EDT

    Hi PeppaPigKilla,

    We received your email ID from our own customer database, and not through any illegitimate means:

    You have an account on SocialEngineAddOns.com with your email ID: **email removed by request ** , and we used that email ID to send you an invite.

    We're sorry if an invite from us caused you any inconvenience. Please drop us an email in case you need to discuss any concerns.

    Thanks!


    This post was edited by Donna at October 30, 2019 1:39 PM EDT
    • 190 posts
    October 30, 2019 8:58 AM EDT
    I’ve discussed my concerns. Your staff member is using clients’ emails to try and connect on LinkedIn or invite your clients to LinkedIn.

    Also please remove my email on your post. I know it’s sort of censored but it shouldn’t be there at all.
    • Moderator
    • 3741 posts
    October 30, 2019 1:40 PM EDT
    PeppaPigKilla said:
    Also please remove my email on your post. I know it’s sort of censored but it shouldn’t be there at all.

    I removed the email. Sorry I didn't see it before, was very busy on upcoming things. :)