Adafruit Data Breach

EEVblog:
Data breach at Adafruit, and they didn't inform anyone.

https://blog.adafruit.com/2022/03/04/a-github-repository-was-public-viewable/


--- Quote ---MARCH 4, 2022 AT 8:00 AM
A GitHub repository was public-viewable

We’ve recently become aware of an inadvertent private-to-public viewable GitHub repository that could have enabled unauthorized access to information about certain user accounts on or before 2019.

The inadvertent disclosure involved an auditing data set used for employee training becoming public, on a GitHub repository associated with an inactive former employee’s account who was learning data analysis. The repository contained some names, email addresses, shipping/billing addresses and/or whether orders were placed successfully via credit card processor and/or PayPal, as well as details for some orders. There were no user passwords or financial information such as credit cards in the data analysis set.

Within 15 minutes of being notified about the inadvertent disclosure, Adafruit worked with the former employee, deleted the relevant GitHub repository and the Adafruit team began the forensic process to determine what and if there was any access and what type of data was involved. Although we are unaware of any actual misuse of the information, we are providing this notice to you for transparency and accountability. We are additionally putting in place more protocols and access controls to avoid any possible future data exposure and limiting access for employee training use.

As a reminder, for your security, we will never send you a link to reset your password as part of a security alert, our customer support team will never contact you asking for your password. If you receive an email of this nature, or otherwise suspect that someone is attempting to gain access to your account or solicit your personal information, or have any other questions about this process, please contact us at security@adafruit.com

We would also like to thank all individuals who have and continue to contribute to the security of our users by disclosing vulnerabilities to us responsibly https://www.adafruit.com/reportingsecurityissues

Why aren’t we sending an email to every user?
We evaluated the risk and consulted with our privacy lawyers and legal experts, and took the approach that we thought appropriately mitigated any issues while being open and transparent and did not believe emailing directly was helpful in this case. Adafruit publishes all security disclosures on our blog and security pages. There is no action for the users to perform. There were no user passwords or financial information such as credit cards in the data analysis set.

https://www.adafruit.com/reportingsecurityissues
https://www.adafruit.com/responsibledisclosurethanks

Previous disclosure post(s):
https://blog.adafruit.com/2016/11/01/keeping-your-account-protected/

Phillip Torrone, Managing Director & Limor “Ladyada” Fried, founder and the Adafruit team – Adafruit, 150 Varick Street, NY, NY 10013
--- End quote ---

EEVblog:
FYI, Adafruit are blocking people on Twitter for mentioning this  :palm:

Ed.Kloonk:

--- Quote from: EEVblog on March 07, 2022, 06:11:45 am ---FYI, Adafruit are blocking people on Twitter for mentioning this  :palm:

--- End quote ---

Classic shit show. I resisted commenting, but here we are.

hans:

--- Quote ---We evaluated the risk and consulted with our privacy lawyers and legal experts, and took the approach that we thought appropriately mitigated any issues while being open and transparent and did not believe emailing directly was helpful in this case.
--- End quote ---

It's always fun to pack up a contradiction with many words, hoping no one will notice.
I'm actually more surprised a company wouldn't write the 2nd sentence the other way around. The last thing someone read will stick better.

madires:

--- Quote from: EEVblog on March 07, 2022, 06:11:45 am ---FYI, Adafruit are blocking people on Twitter for mentioning this  :palm:

--- End quote ---

... because

--- Quote ---we are providing this notice to you for transparency and accountability.

--- End quote ---

What a bunch of hypocrites! :--
