You may have seen an incident reported recently regarding a security breach at Tricentis Flood. We want to provide preliminary information about what has happened, what information was involved, and what steps we are currently undertaking to help protect you.
What Happened?
---
On 21 June 2020, automated systems detected a security breach of services provided by Tricentis Flood. We took immediate action to contain the breach and have since been carrying out further investigation, remediation and notification measures. The incident is reported on our Flood incident status page:
https://status.flood.io/incidents/gsw7vx8cqxk5
This incident is also closely related to last week's strategic cyber attacks on Australian authorities and businesses:
https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-andbusiness/12372470
We believe the purpose of the attack was to steal customer data and credentials that allow Flood to orchestrate load testing infrastructure for customers through third-party cloud providers. These credentials are used by a subset of Flood customers who utilize our 'hosted' grid infrastructure.
What Information Was Stolen?
---
Potentially a cryptographic hash of user passwords has been obtained. While we use an irreversible hashing algorithm based on Bcrypt, we have already scrambled passwords as a precaution. This means if you use username and password authentication to access Flood, you will need to reset your password.
Additionally, the API token that you use to programmatically access Flood may have been revealed. We have already rotated all users' API tokens to prevent unauthorized use.
The following specific user information may have been obtained from your account:
- This email address
- Your first name
- Your last name
- Your nickname
- Your company size
- Your employee role
Potentially the following specific account information has also been obtained:
- Your account name
- Your address line
- Your suburb
- Your country
- Your postal or zip code
If your account has a history of using third-party cloud provider credentials, we believe your credentials in the form of access key identifiers and their secrets may have been revealed. While we encrypt these credentials in our database using the AES-256-GCM algorithm, it is possible that these credentials may be decrypted.
As we cannot rotate these credentials on behalf of our customers, we ask that you either delete/replace the credentials themselves or change the associated secret.
Next Steps
---
We cannot determine if any customer test data you have provided to us, in the form of test plans and supporting test data, has been obtained from your account. However, we are working on the assumption this has occurred. We will be introducing changes to the way we manage customer test data through the provision of configurable storage soon. This means we will be taking an alternative approach to persisting and encrypting customer test data. We do not plan to migrate any customer test data provided to us before this impending change.
We are releasing this message to impacted customers via email. We will release another notice to account owners via email and this status page when this change is made. We will also provide a way for you to obtain your test data, including the option to destroy it permanently.
We will be providing a detailed post-mortem of this incident on our blog once we have completed these steps.
For More Information
---
For status updates regarding this incident, please subscribe to updates here on
https://status.flood.io
If you have any questions, please feel free to contact our team at
support@flood.io
Thank you for your patience and support throughout this challenging issue.