Spamming from malicious attacker
Incident Report for Proto
Postmortem

At approximately 8AM GMT+3, a malicious user affected clients of target by abusing the automatic forwarding of incoming email replies feature within Track.

The feature automatically sends an email to the respondent(s) when an email reply is detected. The malicious user bypassed several validations through a workaround that set up our own case email addresses as respondents, alongside the clients of target.

As a result, the malicious user was able to set up an exponentially growing, infinite loop that spammed clients of target with profane messages.

We immediately disabled the automatic forwarding feature for incoming email replies and removed all 7000+ emails remaining in the queue. We have observed that this exploit is no longer occurring or reproducible, and marked the issue resolved after 6+ hours of monitoring.

Proto sincerely apologizes to all clients affected by this incident.
We will re-enable this feature once the engineering team has implemented a robust solution.
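The loop arises when the forwarding feature accepts one of its own inbound case mailboxes as a respondent, so every forwarded copy arrives as a new "reply" and is forwarded again. As an added illustration (not Proto's code), the checks below reject own-mailbox respondents, refuse to forward mail that is itself marked automatic (RFC 3834 Auto-Submitted), and cap per-thread hops; the case-mailbox domain and the hop-counter header name are assumed.

```python
# Added example, not Proto's code. Loop guards for an auto-forward-on-reply feature.
# Assumed: case replies land in mailboxes under CASE_DOMAINS; LOOP_HEADER is a
# hypothetical header this system stamps on every forward it emits.
from email.message import EmailMessage
from email.utils import parseaddr

CASE_DOMAINS = {"cases.example.test"}     # assumed inbound case-mailbox domain
LOOP_HEADER = "X-Track-Forward-Hops"      # assumed per-thread hop counter
MAX_HOPS = 3

def normalize(addr: str) -> str:
    """Canonical form so 'Case <CASE-42+tag@Cases.Example.Test>' matches its mailbox."""
    _, bare = parseaddr(addr)
    local, _, domain = bare.lower().rpartition("@")
    local = local.split("+", 1)[0]          # strip plus-addressing tags
    return f"{local}@{domain}"

def is_own_mailbox(addr: str) -> bool:
    """True if delivering to addr would land back in one of our own inbound mailboxes."""
    return normalize(addr).rpartition("@")[2] in CASE_DOMAINS

def filter_respondents(respondents):
    """Drop own-mailbox respondents and duplicates before any forward is queued."""
    seen, kept = set(), []
    for r in respondents:
        n = normalize(r)
        if is_own_mailbox(n) or n in seen:
            continue
        seen.add(n)
        kept.append(n)
    return kept

def should_forward(msg: EmailMessage) -> bool:
    """Refuse to forward mail that is automatic, comes from us, or has looped too often."""
    if msg.get("Auto-Submitted", "no").lower() != "no":
        return False
    if msg.get("Precedence", "").lower() in {"bulk", "junk", "auto_reply", "list"}:
        return False
    if is_own_mailbox(msg.get("From", "")):
        return False
    return int(msg.get(LOOP_HEADER, "0") or 0) < MAX_HOPS

def build_forward(original: EmailMessage, respondents):
    """Return the forward to send, or None if the guards say this reply must not fan out."""
    to = filter_respondents(respondents)
    if not to or not should_forward(original):
        return None
    fwd = EmailMessage()
    fwd["To"] = ", ".join(to)
    fwd["Auto-Submitted"] = "auto-forwarded"   # RFC 3834: mark our own output as automatic
    fwd[LOOP_HEADER] = str(int(original.get(LOOP_HEADER, "0") or 0) + 1)
    fwd.set_content(original.get_content() if not original.is_multipart() else "(see original)")
    return fwd
```

A forward produced by build_forward is itself rejected by should_forward, so even a respondent list that routes back to the system cannot cascade.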

Posted Jul 26, 2023 - 05:31 PDT

Resolved
We have monitored for 5+ hours, and the issue has not recurred.
The issue has been marked as resolved.

We will leave the automatic forwarding feature disabled until further improvements have been implemented.
Posted Jul 26, 2023 - 05:04 PDT
Monitoring
At approximately 8AM GMT+3, we noticed a malicious user generating spam emails using the automatic forwarding of email replies.
We have taken immediate measures by disabling the automatic forwarding of email replies and removing all spam emails from the queue.

We are no longer observing the spam emails, and will continue to monitor our system.
We apologize for any inconvenience and negative impact caused by this issue.
Posted Jul 26, 2023 - 05:02 PDT