As you have probably already been informed in detail by an email we sent you, we have recently detected an unauthorized third-party access to our systems.
In order to ensure that you have no doubt that this is a real incident and that the information you received was sent by us, we also share through the Papaki blog all the details and in particular what exactly happened, what measures we have taken for your data security, as well as the actions you need to take on your part.
We recently had evidence that an unauthorized 3rd party had gained access to our systems in around July 2023.
We take this matter seriously and are actively working to address the situation to protect our customers and their data. In response, we immediately started an investigation to determine the impact on our customers. The interim results of this on-going analysis show that:
- There is a risk that the third-party intruder may have had the ability to access users’ accounts, although current evidence shows that unauthorized access probably occurred for only two out of our customer base.
- Personal data as specified below may have been exposed.
What data of yours may be affected?
Based on the current status of our investigation, your following personal data may have been accessed by the unauthorized third party:
Personal data and contact information:
- Data related to the authentication / identification of data subjects, such as credentials (username and password for our services), name, or contact details (email, phone number, etc.)
- Billing information (invoices, etc.).
- Domains information, and registrant contact details
- If you have data hosted with us, there is also a risk that these may have been compromised in the incident.
There is no risk associated with your credit card data, given that we do not process this information. Additionally, based on our current evidence, we see no risk that other types of highly sensitive data may have been compromised.
What are we doing to manage the situation?
– We have hired an external 3rd-party forensic investigator to help us understand what has happened, what the impact on our customers is, and what measures to put in place in order to improve your security.
– We have notified the relevant authorities about the incident to ensure cooperation and the best possible treatment.
– We are working on an additional security feature that will require further authorization from you when making critical changes to services in your account.
– Based on the results of our investigation, we will take any further technical and organizational measures as deemed necessary.
What do you have to do?
We strongly encourage you to implement the following best practices to improve your account security:
- Enable 2FA (two-factor authentication) in your account to increase security. Enabling 2FA strengthens access security by requiring two methods to verify your identity. It will provide you with an extra level of protection that you would not be able to achieve through just a password change. You can enable 2FA following a simple procedure described here.
- If you are using some of our services such as mailboxes, WordPress, databases access, FTP, or other applications, we also advise you to immediately modify the passwords you are using.
- If you are using your Papaki credentials for any other external partners or services, please consider to also update them.
Do you need more information?
We want to assure you that we are working tirelessly to enforce the security of our systems and to ensure that they are protected as much as possible against such incidents.
If you need further details about this incident, feel free to reach out to us at [email protected]. If you would like to know more about your data subject rights or would like to file a complaint contact our Data Protection Officer at [email protected]
We ask for your understanding and apologize for any possible delays that may occur when attempting to contact our Customer Support Department.