Important Security Update
November 15, 2014
We care deeply about the security of our customers’ accounts and believe in sharing the details of security issues with you when we face them.
Recently, we deployed a patch to fix performance issues for the system that powers advanced search capabilities in Zopim. That patch inadvertently led to Zopim account holders being able to access the chat records and transcripts of other accounts if they were to run an advanced search of account history. This vulnerability also permitted a limited export of records that included end user email addresses from certain Zopim accounts. Based on our investigation and a review of our logs, this export involved approximately 10,000 chat log records and included approximately 3,000 end-user emails. Importantly, the information exported did not include the content of any chats, or any passwords or other credentials. We are taking necessary steps to insure that this information is not accessed or used improperly. We removed the patch within 25 minutes, and the vulnerability was fixed.
We have thoroughly investigated this incident and found that the information potentially exposed through the vulnerability was limited to a small set of our customers. We have reached out by email to the account owners and administrators for all of those impacted customers directly. If you haven’t heard from us, then your account was not affected, but we wanted you to have the facts as well.
We don’t have any information to suggest that the information exposed as a result of this incident was accessed by any party seeking to use it maliciously. We deeply regret that this incident happened, and we’re committed to doing everything we can to prevent this kind of issue from happening again. We’re already taking steps to address our deployment protocols to prevent this type of vulnerability arising in the future.
Please contact us with questions, requests for additional information or further assistance in addressing this issue. You can reach us by chatting with us at www.zopim.com
or emailing us at firstname.lastname@example.org
. We have extended our chat support hours through 11:00 pm (GMT) on Saturday, November 15.