Security Incident Communication
To the Efabless community
If you were working on designs on Thursday (5/12 PDT) or Friday morning (5/13 PDT) and if you may have had an open session that went unsaved, you should check to see if you are missing any of your design work from these sessions.
Here is the background. Last Thursday, permissions were inadvertently reset in the course of our ongoing development processes. For much of Thursday, unbeknownst to us, the complete list of our users (the “List”) was accessible through a link in the My Account tab. The List included the names of users as well as links to users’ Toolboxes (and from there to design directories). This was brought to our attention by a vigilant community member and we took immediate remedial action Thursday evening to remove the link to the List from the My Account tab. On Friday morning, we disabled the links to the Toolboxes that were embedded in the List. There is some chance that as a result of this latter action, certain active and open sessions may have lost information during this pendency.
Through the tracking of logs, we know with certainty that the List was only viewed by one non-efabless employee community member and that no effort was made by that member to connect to the Toolbox links of other users on the List. We also know with certainty that there was never any exposure of personal information, be it LinkedIn passwords, email addresses, financial information, etc.
We are implementing procedures to protect against the recurrence of such an event in the future.
We want to thank our good samaritan for bringing this to our attention and encourage all of you to continue to help us improve the quality of service on our site.
If you have any specific questions, please do not hesitate to reach out to Rajeev Srivastava, our SVP of Platform Engineering at email@example.com
The Efabless team