PageFair breach disclosure
Here’s an example of how to detect a breach promptly and disclose it transparently.
Halloween Security Breach
By Sean Blanchfield
PageFair security breach has been resolved – here is what you need to know.
Update 1 – 21:30 GMT November 1, 2015
The attack was sophisticated and specifically targeted against PageFair, but it is unacceptable that the hackers could gain access to any of our systems. We identified the breach immediately, but it still took over 80 minutes to fully shut it down. During this time, visitors to websites owned by the publishers who have placed their trust in us were targeted by these hackers.
The damage was mitigated by our standard security practices, but the attackers still gained access. I want to take some time here to describe exactly what happened, how it may have affected some of your visitors, and what we are doing to prevent this from ever happening again.
We will update this post as we establish more facts.
WHAT YOU NEED TO KNOW
We noticed the security breach within 5 minutes, but it took until 01:15 (83 minutes) to fully rectify the situation. After this time visitors were no longer affected.
If you had the free PageFair Analytics code installed on your website yesterday, it is possible that some visitors to your website will have downloaded the malicious executable file. We are directly notifying every publisher who had our code deployed during this time. If we do not reach out to you directly, it means that you were not affected.
WHO WAS AFFECTED?
WHAT WAS NOT AFFECTED
There is no evidence or reason to believe that any core PageFair servers or databases were compromised. No publisher account information, passwords or personal information has been leaked.
- For today, our priority has been to ensure that all systems are fully secure and that all company-wide passwords are reset. This has been done.
- Tomorrow we will audit the level of access to company documents that the hackers may have gained. We do not store any Personally Identifiable Information in any system, but we will advise partners if we have reason to believe any sensitive documents may have been accessed.
- We will analyze which security practices failed and which could be strengthened and adopted to prevent something like this from occurring in future.
- We will continue to post mortem this for the remainder of the week, and will regularly update this post with our findings.
Thanks to our customers who were patient with us during this issue, The Media Trust Company, who worked hard to reach us during the issue, and MaxCDN for being available in real time to help lock the hackers out of our account. We will have more updates tomorrow.
Please ask us any questions in the comments section below or feel free to reach out to us at [email protected]. We will respond to every single email and query that comes our way. We will also be updating our Twitter account as we update this post.