On January 28th 2020, Khoros suffered an attack on its Social Marketing platform. Below summarizes what happened, how Khoros contained the threat, and what we have done to safely restore our customers to service.
On Tuesday afternoon, Khoros observed suspicious activity in the Khoros Marketing platform that triggered an immediate investigation by our engineering team, resulting in our decision to temporarily shut down the platform.
This attack was preceded by an independent incident on Monday, when we helped a customer recover from a malicious social attack. On Tuesday, we became the target ourselves. We took swift and decisive action upon identifying the intrusion, and shut down access to the platform. With the platform locked down, we conducted a thorough root cause analysis and we identified the issue. The issue is now resolved, and Khoros Social Marketing, Intelligence, Experience, Vault and Promotions products are back online.
What was the nature and impact of the suspicious activity?
On Tuesday 1/28, the malicious actor exploited a vulnerability with a password reset code in the Khoros Marketing Platform and were able to access a small number of user accounts. No passwords were compromised.
How widespread was the impact?
Based on a thorough review of activity logs across the platform, we have determined that the bad actor was able to access a very small number of Khoros Marketing customer accounts. Per the above, no passwords were compromised. Khoros has communicated directly with all impacted customers.
We shut down the platform as a precaution as we pursued resolution; as a result Social Marketing and Vault customers were unable to use the platform from late afternoon on Tuesday until Thursday afternoon CST. Intelligence, Experiences, and Promotions customers regained access Friday night CST.
How are we certifying that the vulnerability has been thoroughly resolved?
Khoros has engaged an independent third party to complete a pentest on the platform, certifying that the vulnerability has been addressed.
Was Khoros Care or Khoros Community affected?
Absolutely no data in Khoros Community or Khoros Care (including the CRM integration) was impacted by the incident in Khoros Marketing solution. Any cross-platform ties were severed during the investigation.
What specific actions did Khoros take?
When will Khoros Marketing be restored to service?
All Khoros Marketing Platform products are back online and restored to service.
Is the Khoros Marketing platform still ingesting data?
Khoros Marketing has continued to ingest data from all authenticated social channels during the shutdown.
Was my scheduled content saved in the system? Did content auto-publish when Khoros Marketing was brought back online?
All previously scheduled content and workflows were saved in Social Marketing.
How can I resume publishing and moderation activities in Social Marketing?
Administrators can only resume activity for the Initiatives they have access to.
Once you have reviewed existing content and are happy to resume activity, Company Administrators (or users with advanced administrative roles), have two options in the Pause Publishing screen, accessible via https://admin.spredfast.com/company-settings/pause-publishing:
Who can I contact if I have more questions?
For further questions, please contact firstname.lastname@example.org. All media inquiries should be directed to email@example.com
I think the situation was handled appropriately regardless of the temporary discomfort experienced. The safety and security of customers and clients should always be FIRST and given the space we all navigate there is a TON of reputational risk to associated with compromises of this nature. Great job Khoros leadership, engineers, staff, etc for your decisive action, regular communication and speedy recovery of the platform.
@rsabreeI agree completely.
Thank you Khoros for keeping up safe from attackers and also for the constant stream of communication during the crisis.
Thank you for keeping this contained and under control - security always comes first! Fingers crossed we won't have a like situation for a long time.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.