Security Notification

On May 8, 2018, we discovered an unauthorized login to an email list website hosted by PCF. The website contained a list of email addresses which belong to a subset of Amara users, as well as others registered for PCF email updates. We are notifying users of this breach because it’s possible the attacker gained access to the email addresses, names, Amara usernames, or other information related to email list registration. Please note that there was no data related to passwords stored on the email list website.

 

After discovering this breach, we shut down the affected website at 10am EDT on May 10th. We are confident that the incident was isolated and does not affect any of PCF’s other services.

Breach Overview

  • Discovery – Unauthorized login discovered on standalone mailing list website.
  • Data – Website contained email addresses, names, Amara usernames, and other information from email list registration; there was no password-related data. The website/application was entirely independent of Amara.org.
  • Remedy – We deleted and decommissioned the email list website and host server.
  • Follow-up – Continual monitoring; no sign of any other malicious activity discovered.

Our Apology and Our Commitment

We apologize for any inconvenience that this intrusion might cause our users or supporters. PCF is committed to making the world more inclusive, accessible, and participatory; an important part of this mission is ensuring the safety of our users and supporters’ data.

We will be reaching out to the individuals who were on the affected email list to notify of the breach *.

Sincerely,

Dean Jansen

Executive Director & CEO

Participatory Culture Foundation


* Verifying the email addresses, before sending a mass notification, will require some time.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s