On May 8, 2018, we discovered an unauthorized login to an email list website hosted by PCF. The website contained a list of email addresses which belong to a subset of Amara users, as well as others registered for PCF email updates. We are notifying users of this breach because it’s possible the attacker gained access to the email addresses, names, Amara usernames, or other information related to email list registration. Please note that there was no data related to passwords stored on the email list website.
After discovering this breach, we shut down the affected website at 10am EDT on May 10th. We are confident that the incident was isolated and does not affect any of PCF’s other services.
Breach Overview
- Discovery – Unauthorized login discovered on standalone mailing list website.
- Data – Website contained email addresses, names, Amara usernames, and other information from email list registration; there was no password-related data. The website/application was entirely independent of Amara.org.
- Remedy – We deleted and decommissioned the email list website and host server.
- Follow-up – Continual monitoring; no sign of any other malicious activity discovered.
Our Apology and Our Commitment
We apologize for any inconvenience that this intrusion might cause our users or supporters. PCF is committed to making the world more inclusive, accessible, and participatory; an important part of this mission is ensuring the safety of our users and supporters’ data.
We will be reaching out to the individuals who were on the affected email list to notify of the breach *.
Sincerely,
Dean Jansen
Executive Director & CEO
Participatory Culture Foundation
* Verifying the email addresses, before sending a mass notification, will require some time.
