We have detected a vulnerability in one of our Tenfour.org servers that could have caused some user data to be exposed. We have secured the affected services, and while it is not certain that user data has been obtained by a 3rd party, there is potential for it to have happened. Because of this, we are notifying all the affected users.
This is the information that could have been leaked, if you were added as a contact or were an organization owner in a Tenfour organization (if you added this information):
- Full name
- Phone number
- Address
In addition to this information, for Tenfour organizations owners with payment details, the following information could have been accessed:
- Last 4 digits of credit card number
- CC expiration date
We have taken the following measures
- Regenerated all access credentials to our servers and services related to tenfour.org and revoked old credentials.
- Identified any potentially leaked data and notified affected users.
- Notified relevant authorities of this potential data breach.
- Applied a patch to the vulnerable code, to eliminate the vulnerability.
What You Can Do to protect yourself
If you detect any suspicious messages being sent to your phone, email, or any correspondence you cannot identify as legitimate, please do not respond to it and be extremely wary of any links or instructions sent by it. Ushahidi will never ask for your password or full credit card numbers to be sent through one of our communication channels such as Intercom, SMS, Twitter or email.
For more information about this issue please contact data@ushahidi.com.