In accordance with our full disclosure policy, FindMeOn, Inc. has learned that an offsite development machine was compromised by a third party. No user information was compromised.
The machine was a development linux server used to test (i) the verification and account indexing mechansisms and (ii) Open ID PHP implementations. The machine contained no user data, was on a separate computer network in a separate physical location (the employee’s home office), and only had a subset of FindMeOn systems installed on it for development purposes. The third party appeared to have exploited a vulnerability in an outdated PHP version, and was primarily interested in using the machine for SMTP spamming services and as a bittorrent node. The FindMeOn employee was alerted to the problem by an irregular pattern in network traffic, and immediately rectifed the situation.
Again, the machine in question was an offsite development server that contained no user information. The FindMeOn main systems were not susceptable to this attack, and are regularly updated with security patches.
Post a Comment