On the morning of January 31, 2019, we detected an unauthorized entry into the Flowmon Support Portal database. Upon receiving this information, we shut down the portal immediately and started incident forensics. It turned out that through a single user's compromised account and through the SQL injection technique, an illegal entry into the portal user database occurred. The attacker obtained access to data, such as name, surname, company name, email, password fingerprint in MD5 format, and for some contacts also the phone number or the username of online communicators (Skype, etc.). The attack did not affect the Flowmon product in any way.
Within 24 hours we informed all users about the compromise of the portal, and in accordance with the law, we reported the personal data breach to the Office for Personal Data Protection. At the same time, we took steps to secure the Portal. Specifically, we reset all user passwords, introduced a new modern hash function, and secured the portal against SQL injection attacks. We also recommended users to change the password for other services if it was identical with the password to the support portal.
The Flowmon Support Portal is up and running effective this afternoon (February 5, 2019).
What we do to prevent future incidents
The Support Portal is built on a third-party platform that does not have a common foundation with Flowmon. This platform unfortunately used MD5 fingerprints to store password hashes. Due to the end of development and support by the platform provider, its updates are difficult. This is the reason why we took steps to move on to a new technical solution last year. In addition to its vastly improved functionality, it also brings an increased level of security. The implementation and launch of the new version of the portal will take place in the course of this year.
If you have any questions regarding this incident, please contact us at email@example.com.
Jiri Tobola, CEO at Flowmon Networks