Got this email this morning:
Dear customer,
I am sorry to contact you on a Monday morning but I have an urgent matter I need to bring to your attention and a request for you to action, as soon as possible.
To explain, on Friday afternoon (Friday 16th August) our monitoring systems detected an issue relating to TitanHQ’s SpamTitan solution. As soon as we became aware, we quickly moved to manage the incident which included the appointment of a team of IT specialists to help us investigate.
The investigation is at a relatively early stage, and we are working as a priority to determine [any] impact on our customers. However, at this stage, our investigation has confirmed that in some instances, a back-up of a configuration file may have been exfiltrated. This file exists as it allows the restoration of the SpamTitan server, if needed.
This file contains some data which relates to client systems – this is limited to some email addresses of admins. In some cases, Lightweight Directory Access Protocol credentials were also in the file.
All the credentials are hashed and so the risk to service users is considered to be low. However, we are taking this matter extremely seriously and, as a result, I am contacting you with an action we require you to take to ensure that there is no additional impact as a result of this incident.
Specifically, we require you to:
LDAP/Exchange: Please change your LDAP/Exchange credentials if in use in SpamTitan. The password update is required to be performed on your LDAP/Exchange servers first, followed by SpamTitan. It is also best practice to restrict access to your LDAP ports via your Firewall.
Quarantine reports: Links in prior reports will not be actionable, all future reports will work as normal. Any required mail in previous reports can be released via the UI.
SSL Certs: Please revoke and reissue the SSL certificate used in SpamTitan.
OAuth tokens: If using the SpamTitan API please replace existing OAuth token with new token.
MFA: If using the SpamTitan MFA please reregister your MFA device.
SpamTitan Outlook Add-in: We have temporarily disabled the SpamTitan Outlook Add-in functionality.
Backup credentials: Please rotate your remote backup credentials.
Up to now, as a precaution, we have restricted access to the SpamTitan interface, although core functionality continues to operate as normal. Access has now been restored.
We will keep you updated as further information is available.