UserVoice’s security team recently discovered some unauthorized usage of an administrative system used to store and manage user information. Despite our ongoing efforts to prevent any type of security breach, the attacker was able to view certain types of non-financial user data.
Our investigation shows the attacker was able to access UserVoice customer names, along with associated emails, one-way encrypted passwords and random salt strings for a small subset (< 0.001%) of users. Although the passwords were encrypted, we are presuming the attackers may be able to decrypt the passwords, and are taking the necessary precautions. These precautions include the immediate resetting of all user passwords, and a series of other security enhancements.
We consider our customers’ trust in UserVoice as one of our greatest assets, and we remain steadfast in our belief that despite how this issue could undermine that trust, transparency is paramount.
We have created this page to explain the incident in further detail. The notification includes information on what we’re doing to protect your information and includes a number of frequently asked questions.
We deeply regret that this unauthorized usage occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.
If you have any questions, please feel free to contact firstname.lastname@example.org.