Connect with us

Hi, what are you looking for?

Cyber Incident 2023

ownCloud Cyber Incident 2023

General communication on incident05 December 2023

Subject: Notification of ownCloud cyber incident

The ownCloud application and details of the incident  

Following the recent incident where a criminal third party unlawfully obtained access to an isolated ownCloud server hosted by SigniFlow (Pty) Ltd (South Africa), we are providing a further update on our investigation.  

ownCloud is a self-hosted file synchronisation and sharing platform used for storing, sharing, and accessing files. The solution is similar to other cloud services such as Google Drive or Dropbox.  

On 21 November 2023, ownCloud disclosed a zero-day vulnerability (CVE-2023-49103) of their platform. We understand that the vulnerability enables the unlawful and unauthorised intrusion of an ownCloud server.  

Our use of the ownCloud application was limited to the storage of certain company information and the sharing of software update files between internal teams. The ownCloud service was also in use by two clients who opted to use it for uploading documents, limited to support functions, outside the normal support channels. 

On 28 November 2023, we received suspicious alerts from the ownCloud service in respect of data access and deletion that was actioned without authorisation. We immediately investigated and took action to isolate and take the affected ownCloud service offline. An investigation was initiated to understand the scope of the incident. External legal and forensic specialists were appointed to assist with our investigation.  

The investigation revealed that the zero-day vulnerability (CVE-2023-49103) was exploited on the ownCloud service which led to a criminal third party gaining access to this service.  

Status of our investigation 

We have determined that data was impacted with the majority of the files being non-sensitive and non-confidential information about our business.  

We have experienced no disruption to our services and confirm that the vulnerability has been contained and resolved. This is because our reliance on the ownCloud service was limited to the specific circumstances as explained above.  

We can confirm that there was data accessed and exfiltration of third-party data stored on the ownCloud service. Details of the incident were shared with the third parties on 29 November 2023 so that further investigations and notifications could take place. We are actively supporting those third parties affected and will continue to do so by providing clarity and information where required.      

Impact on other services 

The ownCloud application is in no way connected to our network or core systems and service offering. We have no reason to believe that our core systems have been impacted or that any access was gained into our environment(s) by unlawful third parties through this incident.  

We take the confidentiality, privacy and security of data and personal information very seriously. We have taken additional measures to increase monitoring and security protocols where possible and urge all customers and consumers to remain vigilant in respect of this zero-day vulnerability.  

Our investigations are still ongoing, and we thank you for your understanding and cooperation during this time. 

If you have any questions or concerns, please feel free to contact our head of legal and compliance at [email protected].  

Print Friendly, PDF & Email

You May Also Like

Electronic Signatures

Efficiency and convenience are critical to success in the highly competitive real estate industry. Traditional paper-based processes can hinder transactions, leading to delays and...

Electronic Signatures

A short story of Mike’s incredible journey from chaos to bliss   Meet Mike. No, not your coworker Mike from IT—Mike is a document....

Electronic Signatures

NEWS FROM SIGNIFLOW Welcome to our June newsletter! This month is packed with exciting updates and innovations from SigniFlow. We’re thrilled to announce our...

Newsletter

NEWS FROM SIGNIFLOW Welcome to the May newsletter In this edition, we will focus on the education sector and all the new and exciting...

Electronic Signatures

Digital signatures play a crucial role in modern document authentication, ensuring security and integrity in various online transactions. Among the different types of digital...

Electronic Signatures

Electronic and digital signatures are crucial components of the modern Australian business landscape. While both allow for the digital signing of documents, many businesses...

Electronic Signatures

In the dynamic landscape of modern business, efficiency isn’t just a buzzword; it’s the heartbeat of success. That’s why we’re thrilled to announce the...

Electronic Signatures

The legality of electronic signatures in Ghana has become increasingly important in recent years as the country embraces digital transformation. As businesses and individuals...

Electronic Signatures

The legality of electronic signatures in Mauritius has become an increasingly pertinent topic as businesses and individuals seek more efficient and secure ways to...

Newsletter

NEWS FROM SIGNIFLOW Welcome to the March newsletter We’re delighted to have you on board as we embark on a journey through the newest...

Copyright © 2023 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.