On Friday, March 17, we discovered that the password for one of our production databases had been accidentally posted to a public GitHub repository by one of our developers. We quickly worked to change the password; the password that was leaked is no longer valid for any of our systems. The password had been public for about two days prior to the discovery.
This is a serious leak and could have resulted in user data being exposed (although, after an analysis, we believe that no data was in fact accessed by any unauthorized parties). I’m writing to let you know what happened, what we believe may have been compromised, and what we recommend you do regarding your data.
What data was affected?
We have multiple databases storing your information at Fieldbook. The leaked password was for a database that contained a copy of the data in the cells of your sheets.
User emails and passwords, user code (“codelets”), and configuration such as webhooks are all contained in a separate database that was not compromised in any way. Because of this, it is not necessary to reset your Fieldbook password or to be concerned that your email address was stolen.
Further, the master copy of all sheet data is also kept in a separate database that was not compromised. Because of this, we are confident that your data was not altered.
Was my data stolen?
Based on an analysis of database logs, we believe that no data, in fact, was exposed to any outside parties. Specifically, we have done a full audit on the access and query logs for the affected database, looking at every query that was run during the exposure time, and found no unusual queries.
We have also analyzed the IP addresses that accessed the database. All the IP addresses either belong to Amazon Web Services (AWS), where Fieldbook is hosted, or to Fieldbook employees. We are following up with our hosting and database providers to further verify that the AWS IP addresses correspond to servers that were running Fieldbook services.
What should I do now?
Even though our analysis found no evidence of unauthorized access, we recommend that, if you stored any passwords in a Fieldbook sheet, you change those passwords now. (Fieldbook data is not encrypted in the database, and in fact we do not recommend it for storing passwords, credit card numbers, or protected health information, as stated in our Security & Privacy FAQ: http://docs.fieldbook.com/docs/security-and-privacy)
What is Fieldbook doing to prevent leaks in the future?
This was a terrible leak that could have let anyone access user data, and as CTO I offer my deepest apologies for this incident. While we do not believe anyone accessed any data because of this breach, it was completely unacceptable.
We’re taking a few steps to address the root causes and prevent this kind of leak in the future:
* We have rewritten the script that leaked the password. It now retrieves the password from a separate location that is not published to source code repositories.
* We have added automatic scanning for leaks from our developers to make sure these are caught before they are exposed to the public.
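As an added illustration of the two steps above (this is example code, not Fieldbook's own script or scanner): a small Python checker that flags literal database credentials in files before they are committed, beside a loader that reads the credential from the environment instead of from source. The regexes, the `dbclient` module, the host name and the password in the sample are all constructed for this example.

```python
import os
import re
import sys
from typing import List, Mapping, Optional, Tuple

# Two common ways a database password ends up in a committed script: a
# connection URL with embedded credentials, and a quoted literal assigned to
# a password-like name. Both regexes are assumptions for this example, not a
# complete secret-detection ruleset.
URL_CREDS = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@]+)@", re.I)
ASSIGNMENT = re.compile(
    r"""\b(db_?pass(word)?|password|passwd|secret)\s*[:=]\s*['"]([^'"]{4,})['"]""", re.I
)

def find_hardcoded_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, redacted_line) per line carrying a literal secret; the secret is masked."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if URL_CREDS.search(line) or ASSIGNMENT.search(line):
            line = URL_CREDS.sub(lambda m: m.group(0).replace(m.group(1), "***"), line)
            line = ASSIGNMENT.sub(lambda m: m.group(0).replace(m.group(3), "***"), line)
            hits.append((lineno, line.strip()))
    return hits

def db_password(var: str = "DB_PASSWORD", environ: Optional[Mapping[str, str]] = None) -> str:
    """Read the credential from the environment (populated by a secrets store or deploy
    tooling) rather than from source; fail loudly instead of falling back to a literal."""
    env = os.environ if environ is None else environ
    value = env.get(var)
    if not value:
        raise RuntimeError(f"{var} is not set; refusing to open a database connection")
    return value

# Constructed sample: a script written the way the incident describes, with the
# database password sitting in source. Every value here is fabricated.
LEAKY_SCRIPT = "\n".join([
    "import dbclient",
    'conn = dbclient.connect("postgres://app:Tr0ub4dor3@db.example.internal:5432/sheets")',
    'DB_PASSWORD = "Tr0ub4dor3"',
    'safe = dbclient.connect(host="db.example.internal", password=db_password())',
])

if __name__ == "__main__":
    # Pre-commit usage: python check_secrets.py <staged files...>; a nonzero exit blocks the commit.
    findings = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            findings += [(path, *hit) for hit in find_hardcoded_secrets(fh.read())]
    for path, lineno, line in findings:
        print(f"{path}:{lineno}: possible hardcoded secret: {line}")
    sys.exit(1 if findings else 0)
```

Only the two lines with a quoted literal are reported; the line that takes the password from `db_password()` passes, which is the shape the rewritten script should have.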
I understand that you may store confidential business or personal information in Fieldbook, and the security of your data is very important to you. We fell far short of our own standards in this regard.
Please don’t hesitate to reach out to us if you have any questions or concerns.
Co-Founder & CTO, Fieldbook
Mar 23, 13:41 PDT