Dear Backlog Online Community Users,
On April 2, 2020, we received a report from an external source that there was a system vulnerability in our Backlog online community (specifically this forum) that allows a third party to log in with an administrator account through unofficial means.
We conducted an investigation and confirmed this. The information that could be viewed by the admin account is as follows:
- Email address registered in the community
- User icon if set
The vulnerability was fixed within the same day, and we have confirmed through system logs that no information was tampered or downloaded, and no other information was put at risk.
Please note that this incident does not affect any of Nulab's product services including Backlog, Cacoo, and Typetalk.
We have individually notified users via email who may have been affected. It is only possible now to make an announcement because it was necessary to conduct an investigation, consult with enforcement/investigative agencies and confirm the identity of the reporter.
We sincerely apologize for the inconvenience caused to our users. We take your information and security seriously, and will employ further efforts to prevent any recurrences in future.
If you have any questions or concerns about this issue, please contact us via our contact form.
Thank you for your continued support.
Post is closed for comments.