On June 5th, our GetResponse Security Team identified unauthorized access to one of our internal customer support tools. This breach was the result of a sophisticated attack chain that exploited vulnerabilities of many third-party software vendors. The attacker obtained an employee’s login credentials, which allowed access to the accounts of fewer than 10 GetResponse customers.
Upon discovery, we took immediate action to mitigate the situation. Our response included:
- Notifying all impacted customers and staying in continued cooperation with them.
- Notifying hosting providers to secure our infrastructure.
- Informing relevant institutions to ensure a coordinated response.
- Increasing our internal security measures to prevent future incidents.
- Auditing all third-party applications to identify and address any vulnerabilities.
- Actively blocked malicious content that was sent to our customers.
We are fully committed to supporting our impacted customers throughout this process. We apologize for any inconvenience this may cause and assure you that we are taking all necessary steps to prevent such incidents in the future.
Your security and trust are our top priorities. We will continue to be transparent and provide updates as we enhance our security measures.
Thank you for your understanding and continued support.