Unauthorized access to Yotpo’s reviews API
Incident Report for Yotpo
Resolved
Start Time (incident detected):
May 6, 2021 - 09:54 (UTC).

End Time:
May 10, 2021 - 16:00 (UTC).

Business Impact:
On May 6th, we detected unauthorized access to Yotpo’s reviews API. Upon detection, we immediately engaged with industry-leading cyber security investigation firms and external security experts, led by our internal security teams, in order to mitigate the risks.

We have since blocked this unauthorized access. The incident affected only a small fraction of our customers. We have notified those clients who were affected.

We have reset credentials of all affected customers, which we believe will prevent further unauthorized access. We have also implemented several improvements to strengthen our infrastructure to help mitigate the risk of future unauthorized API access. We have focused our attention on the following areas:
● Fine-tuned monitoring of AWS API endpoint signals
● Enhanced infrastructure and application security
● Expanded threat hunting activities

We will continue to examine options to further harden our platform and to add new security capabilities for our customers.

The Yotpo Team
Posted May 06, 2021 - 13:00 IDT