DS Development Solutions Business Enablement Platform

7/18/2021 – 05:47PM EST – All systems are a go!

7/18/2021 – 05:47PM EST – We’ve now removed/patched the vulnerability that was exploited. On 05/3/2021 it was disclosed through software security monitoring firms of an Authenticated SQL Injection Vulnerability in software distributed by an upstream vendor of ours. Our upstream vendor has been working on a patch for this finally releasing it 3 days ago (7/15/2021). We had not rolled this patch into our version as it was in QAT(Quality Assurance Testing), this is where we confirm its working as expected and not creating any additional issues. We develop and release according to an Agile Development Methodology, meaning we release updates weekly, this was scheduled for release Tuesday 7/20/2021, prior to the Proof of Concept being publicly disclosed which was also scheduled for 7/20. Unfortunately this release was not aggressive enough timeline wise and an attacker began actively using this exploit. This attacked was able to take advantage of a free trial function we had previously offered but hadn’t completely turned off, to create an account and execute the exploit. According to our logs no account data had been compromised. We’re also dedicated to turning over every stone to ensure we’re secure from here on out. We cannot let this happen again.

You can read more about this incident on the dedicated incident page. We will be publishing more details on this page in the coming days with full disclosure on this incident.

7/17/2021 – 09:24PM EST – We’ve discovered the source of this incident and are continuing to work to properly address it. You may begin to use systems again.
7/17/2021 – 04:48PM EST – Websites should be resolving proper content. We’re still investigating the origins and possible side effects.
7/17/2021 – 04:23PM EST – Production node compromised, webpages have been hijacked and may display improper content. We’re working on a fix.
5/2/2021 – 04:35AM EST – All systems stable, upgrades complete.
5/1/2021 – 10:45PM EST – Scheduled platform upgrades underway.
4/29/2021 – 7:20PM EST – All systems are a go!
4/29/2021 – 7:15PM EST – Codebase deployment failure!
4/21/2021 – 11:50PM EST – Platform is stable and all systems are a go!
4/21/2021 – 02:48PM EST – Some email deliverability issues are being investigated!
1/23/2021 – 04:28AM EST – Platform is stable and all systems are a go!