ACCESS RESTORED: Khoros Social Marketing, Intelligence, Experiences
Access to Khoros Social Marketing, Intelligence and Experience products has now been re-enabled. Our mobile app, Vault, and Promotions are still suspended. Users who reset their Khoros Marketing Platform in the past 48 hours (as of this notice) will need to create a new password.
For further context on the incident, as you know, Khoros Marketing platform access was shut down on Friday evening (CST) due to renewed suspicious activity. Our investigation confirmed that, as a result of an aggressive phishing attack, a malicious third party gained credentialed access to our platform. It appears to have been the same bad actor who attacked our system last week -- a coordinated, aggressive, and malicious third-party organization. We acted swiftly to contain the bad actor’s reach, and the attack was limited to two customers. Those customers have been notified.
Given the aggressive and persistent nature of the phishing attacks from a 3rd party, we took action to mitigate future risks before restoring access to the platform. We have done our best to be transparent with you about the incident and our actions, however we cannot disclose the exact security measures taken in the interest of protecting the platform’s integrity.
Please note: phishing attacks are not prevented by Multi-Factor Authentication if a user’s email is compromised. As such, we ask you to partner with us in reviewing the users with access to your account, and review processes to ensure safety measures are being taken. We encourage all users to remain vigilant against social engineering and phishing tactics.
We will continue to communicate with you through status.khoros.com, email, Atlas (where you can find the latest news on the Marketing blog), your Customer Success Managers, and through in-platform messaging to help you return to business as usual.
We appreciate your continued patience as we work diligently to bring all products within the Marketing platform back online securely.