Skip to content

Customers Receiving List Of Passwords On File When Not Requested

STATUS:

Resolved 3rd September 2019

COMMUNICATION:

Summary of impact:

Between the 2nd and 3rd of September 2019 we identified a subset of customers during the monthly automated billing where receiving a copy of passwords we have on file.

Preliminary root cause: Engineers determined that the issue occurred due to simultaneous updates occurring with one being done by a third party in the data centre to the infrastructure and the other an update to the billing software which contained a software bug.

This triggered the issue for a subset of customers to be provided with their passwords when not requested.

Mitigation:

Engineers halted the monthly invoice run so the issue could be resolved.

Next steps:

Engineers with the help of third-party vendors fixed the issue the following morning before the automated billing was restarted.

Further Steps:

Engineers will continue to investigate to establish the full root cause and work with third party vendors to prevent future occurrences.

 

Updated Communication (6th September 2019)

After an extensive audit of the issue we can confirm at no time were passwords provided to any other customers and the above issue was not a result of a hacking attempt as the audit has confirmed all systems are secure.

To avoid this issue from occurring again we have made several changes with our third-party vendors.

It remains our policy in the event that we detected that your passwords had been provided to other customers we would conduct an immediate password reset on all accounts.

We knowledge this is a security issue as a list of passwords should not be provided unless requested by an authorised person.

As a security precaution critical passwords will be reset by your local IT Specialist to avoid potential misuse by the accounts person which received the email.

Individual passwords for office users can be reset using the following steps from Microsoft as it is recommended these be reset individually:

https://support.office.com/en-us/article/video-change-your-office-365-for-business-password-df48c24e-d036-4d72-987f-b6197f618619

Or if preferred contact your local IT Specialist to have them reset.