even with partial credit card info there can be problems, be extra careful and
contact the fbi or secret service as they can get to the bottom of it
----- Original Message -----
From: Jeremy Curry
To: [email protected]
Sent: Wednesday, January 21, 2015 2:58 PM
Subject: Ai Squared Statement on Security
Ai Squared customers, assistive technology users, and fellow
members of the blind and visually impaired community,
Normally, you hear me talking about the products that Ai Squared
produces. Today, I come to you with a completely different message. As you may
be aware, in the early morning hours of Friday, January 16th, Ai Squared was
the victim of a cyber-attack.
First, we want to be clear about exactly what happened and what
data has been exposed.
A user was able to crack an internal password and used that
password to gain access to systems in our Indiana office. Through this crack
the user was able to upload a modified version of the GW Toolkit used in
Window-Eyes App Central. This version of GW Toolkit broadcast some unfortunate
messages mainly to users who were automatically updating their Window-Eyes
apps. Once we discovered what was happening, we immediately shut down external
updates to apps and replaced the hacked version with a fix. Approximate
exposure time was four hours and we think the number of users exposed to the
messages was minimal.
Unfortunately, the hacker then exploited another password hack
that gave them access to one of our databases. The database in question held
only partial transaction records for online purchases of Window-Eyes and
related products. Since we do not store complete credit card information
anywhere in our systems, we are confident that there has been no breach of
financial data. In addition we are monitoring our systems for unauthorized use
of any previously issued serial number information.
To reiterate, the hacker gained access to the GW Toolkit and a
database containing a list of online purchases. We have no evidence that they
gained access to financial/credit card data nor did they access our complete
customer database.
Here are the steps we've taken in the last few days:
a.. We have contacted all the users who have been affected by
the intrusion to alert them as to what happened. While we don't believe they
will be adversely affected, it's our responsibility to let them know what
occurred.
b.. We have changed all passwords that have access to any and
all of our internal data. We continue to conduct audits to look for other
potential security holes.
c.. We have disabled any updates to App Central until further
notice.
d.. We have reported this data breach to the appropriate
authorities. Rest assured that they are taking this very seriously and have
launched an investigation.
On a personal note: As we are all aware, the blind community
faces enough challenges to access and employment. These attacks have added to
that barrier by disrupting our business and the productivity of individuals
affected. We believe that the perpetrator of these attacks is, in fact, a
member of our own blind and low vision user community. We call on our community
to help bring them to justice. Should you have any information, please email us
at [email protected] before another company in the assistive technology
industry is affected. Let's work together to stop this type of criminal
misbehavior in our own community and continue building strong connections among
assistive technology users.
Thank you,
Jeremy Curry
Director of Product Management
Ai Squared
Email not
displaying correctly? View Online
Unsubscribe
If you reply to this message it will be delivered to the original sender only.
If your reply would benefit others on the list and your message is related to
GW Micro, then please consider sending your message to [email protected] so
the entire list will receive it.
GW-Info messages are archived at http://www.gwmicro.com/gwinfo. You can manage
your list subscription at http://www.gwmicro.com/listserv.
