June 26th email notifications incident
As you probably already know, Jitbit Helpdesk had an email notifications issue earlier today. We've had some time to gather some details and talk to some of you about your concerns, so here is a detailed email with everything we know.
Needless to say, we are terribly sorry about this. This is our biggest screw-up yet and we feel absolutely awful. The least we can do now is be honest with you about this situation.
Admins of all helpdesk instances in the system (where the "notify admins of new tickets" setting is enabled) received new ticket notifications about new tickets created between 12:11 EST and 12:16 EST (300 seconds in total).
Was it a hack or a virus on your servers?
No. It was a stupid error in our code that wasn't caught by our internal testing process and got deployed to production.
How many ticket notifications were sent out to everyone?
Somewhere between 20 and 40 tickets that were created in those four minutes.
What data was compromised?
Only new tickets created between 12:11 EST and 12:16 EST. That is the ticket subject, the body, and whatever you have in the new ticket notification template if you've changed it from the default.
Does anyone else have access to my helpdesk now?
No. Other Jitbit admins have just received a notification email. They do not have access to these tickets, your helpdesks or anything else. But keep in mind that by default, if anyone replies to a leaked notification, they might become a subscriber of that ticket and will be able to view the conversation.
What should I do now?
Review all the tickets created in your help desk between 12:11 EST and 12:16 EST. Check if any confidential data might have leaked and do what you need to do. Just to be safe, we recommend that you delete those tickets, but that's optional.
Will this issue happen again? Is Jitbit secure?
We realize that this is a huge screw-up on our side. Also, we have no excuses - this is totally our bad and we've made an absolutely stupid mistake. This may sound like a cliché answer, but the security of your data is our top priority. The cause of this issue was a human error, not our infrastructure.
Finally, we just wanted to say thanks. You all have the right to be angry at us, but you've been very nice so far. Thanks a lot for bearing with us. We are truly blessed to have such great customers.
P.S. If you still have questions, drop us a line at email@example.com. We have 300 tickets at the moment, though, so our response may be delayed.