Find a Question:
Data leak in Scrum.org website explains exposes user data
Through a leak in the system Scrum.org possible names, email addresses, encrypted passwords, decryption keys, certificates and associated test scores captured. Reported that the organization into an e-mail to users.
In the e-mail notifies the organization that were discovered problems with the outgoing mail server on May 26, 2016. After investigation found that emails that should normally be sent with temporary passwords have not been sent, some caused by changed settings. In addition, a new administrator account was discovered.
Then dropped a software company that Scrum.org cooperates know that their software was carrying a newly discovered vulnerability that caused similar problems as those on the servers Scrum.org, which led to the immediate dissolution of the vulnerability.
Despite the fact that it is likely that a large amount of personal data were stolen, including any uploaded profile picture. It is not yet clear whether the information is indeed captured. The organization has received no evidence indicating that the information has been used by others. Scrum.org says that no information about storing financial transactions on its own servers, making such information can not be compromised.
Scrum.org has reset all user passwords and recommends users use the same password elsewhere, to change this.Viewing:-186
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!