Sadly, GW Micro-Ai Squaired is not the first company to suffer one of
these hacks. A while ago, Serotek, another leader in assistive
technology had a similar thing happen to them. Their former CEO had his
twitter account hacked and some very similar messages to the one posted
last Friday got out. Obviously, someone in the blindness community has
far too much time on their hands and nothing better to do than to cause
problems. i'm sure when that FBI agent knocks on their door it'll throw
a scare into them and they'll think twice about screwing around. Or at
least, we can all hope so.
On 1/23/2015 2:13 AM, Ike wrote:
even with partial credit card info there can be problems, be extra
careful and contact the fbi or secret service as they can get to the
bottom of it
----- Original Message -----
*From:* Jeremy Curry <mailto:[email protected]>
*To:* [email protected] <mailto:[email protected]>
*Sent:* Wednesday, January 21, 2015 2:58 PM
*Subject:* Ai Squared Statement on Security
Ai Squared customers, assistive technology users, and fellow
members of the blind and visually impaired community,
Normally, you hear me talking about the products that Ai Squared
produces. Today, I come to you with a completely different
message. As you may be aware, in the early morning hours of
Friday, January 16th, Ai Squared was the victim of a cyber-attack.
First, we want to be clear about exactly what happened and what
data has been exposed.
A user was able to crack an internal password and used that
password to gain access to systems in our Indiana office. Through
this crack the user was able to upload a modified version of the
GW Toolkit used in Window-Eyes App Central. This version of GW
Toolkit broadcast some unfortunate messages mainly to users who
were automatically updating their Window-Eyes apps. Once we
discovered what was happening, we immediately shut down external
updates to apps and replaced the hacked version with a fix.
Approximate exposure time was four hours and we think the number
of users exposed to the messages was minimal.
Unfortunately, the hacker then exploited another password hack
that gave them access to one of our databases. The database in
question held only partial transaction records for online
purchases of Window-Eyes and related products. Since we do not
store complete credit card information anywhere in our systems, we
are confident that there has been no breach of financial data. In
addition we are monitoring our systems for unauthorized use of any
previously issued serial number information.
To reiterate, the hacker gained access to the GW Toolkit and a
database containing a list of online purchases. We have no
evidence that they gained access to financial/credit card data nor
did they access our complete customer database.
Here are the steps we’ve taken in the last few days:
* We have contacted all the users who have been affected by the
intrusion to alert them as to what happened. While we don’t
believe they will be adversely affected, it’s our
responsibility to let them know what occurred.
* We have changed all passwords that have access to any and all
of our internal data. We continue to conduct audits to look
for other potential security holes.
* We have disabled any updates to App Central until further notice.
* We have reported this data breach to the appropriate
authorities. Rest assured that they are taking this very
seriously and have launched an investigation.
On a personal note: As we are all aware, the blind community faces
enough challenges to access and employment. These attacks have
added to that barrier by disrupting our business and the
productivity of individuals affected. We believe that the
perpetrator of these attacks is, in fact, a member of our own
blind and low vision user community. We call on our community to
help bring them to justice. Should you have any information,
please email us at [email protected]
<http://www.mailing-sender.net/221/235pbdao49bo26b/222/844.html>
before another company in the assistive technology industry is
affected. Let’s work together to stop this type of criminal
misbehavior in our own community and continue building strong
connections among assistive technology users.
Thank you,
Jeremy Curry
Director of Product Management
Ai Squared
Email not displaying correctly? View Online
<http://www.mailing-sender.net/2f2u342hcabl56cp33c/2f3.html>
<http://www.mailing-sender.net/350u364sd09k5ca/39a/351/974.html>
Unsubscribe
<http://www.mailing-sender.net/31e/346/cd7t598z368m31f.html>
If you reply to this message it will be delivered to the original sender only.
If your reply would benefit others on the list and your message is related to
GW Micro, then please consider sending your message to [email protected] so
the entire list will receive it.
GW-Info messages are archived at http://www.gwmicro.com/gwinfo. You can manage
your list subscription at http://www.gwmicro.com/listserv.
