Ai Squared Statement on Security
Brother passed this message onto me, supposedly from the gw-news list. Most unfortunate. Not sure I agree with vigilante approach, however.
Ai Squared customers, assistive technology users, and fellow members of the blind and visually impaired community,
Normally, you hear me talking about the products that Ai Squared produces. Today, I come to you with a completely different message. As you may be aware, in the early morning hours of Friday, January 16th, Ai Squared was the victim of a cyber-attack.
First, we want to be clear about exactly what happened and what data has been exposed.
A user was able to crack an internal password and used that password to gain access to systems in our Indiana office. Through this crack the user was able to upload a modified version of the GW Toolkit used in Window-Eyes App Central. This version of GW Toolkit broadcast some unfortunate messages mainly to users who were automatically updating their Window-Eyes apps. Once we discovered what was happening, we immediately shut down external updates to apps and replaced the hacked version with a fix. Approximate exposure time was four hours and we think the number of users exposed to the messages was minimal.
Unfortunately, the hacker then exploited another password hack that gave them access to one of our databases. The database in question held only partial transaction records for online purchases of Window-Eyes and related products. Since we do not store complete credit card information anywhere in our systems, we are confident that there has been no breach of financial data. In addition we are monitoring our systems for unauthorized use of any previously issued serial number information.
To reiterate, the hacker gained access to the GW Toolkit and a database containing a list of online purchases. We have no evidence that they gained access to financial/credit card data nor did they access our complete customer database.
Here are the steps we’ve taken in the last few days:
We have contacted all the users who have been affected by the intrusion to alert them as to what happened. While we don’t believe they will be adversely affected, it’s our responsibility to let them know what occurred.
We have changed all passwords that have access to any and all of our internal data. We continue to conduct audits to look for other potential security holes.
We have disabled any updates to App Central until further notice.
We have reported this data breach to the appropriate authorities. Rest assured that they are taking this very seriously and have launched an investigation.
On a personal note: As we are all aware, the blind community faces enough challenges to access and employment. These attacks have added to that barrier by disrupting our business and the productivity of individuals affected. We believe that the perpetrator of these attacks is, in fact, a member of our own blind and low vision user community. We call on our community to help bring them to justice. Should you have any information, please email us at t...@aisquared.com before another company in the assistive technology industry is affected. Let’s work together to stop this type of criminal misbehavior in our own community and continue building strong connections among assistive technology users.
Thank you,
Jeremy Curry
Director of Product Management
Ai Squared
Took the opportunity to check my SMA count status (1 left) and download my upgrade (as yet, no disc). Also, I'd better get myself on that list.
_______________________________________________ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
