Connect with us

Hi, what are you looking for?

Cyber Incident 2023

ownCloud Cyber Incident 2023

General communication on incident05 December 2023

Subject: Notification of ownCloud cyber incident

The ownCloud application and details of the incident  

Following the recent incident where a criminal third party unlawfully obtained access to an isolated ownCloud server hosted by SigniFlow (Pty) Ltd (South Africa), we are providing a further update on our investigation.  

ownCloud is a self-hosted file synchronisation and sharing platform used for storing, sharing, and accessing files. The solution is similar to other cloud services such as Google Drive or Dropbox.  

On 21 November 2023, ownCloud disclosed a zero-day vulnerability (CVE-2023-49103) of their platform. We understand that the vulnerability enables the unlawful and unauthorised intrusion of an ownCloud server.  

Our use of the ownCloud application was limited to the storage of certain company information and the sharing of software update files between internal teams. The ownCloud service was also in use by two clients who opted to use it for uploading documents, limited to support functions, outside the normal support channels. 

On 28 November 2023, we received suspicious alerts from the ownCloud service in respect of data access and deletion that was actioned without authorisation. We immediately investigated and took action to isolate and take the affected ownCloud service offline. An investigation was initiated to understand the scope of the incident. External legal and forensic specialists were appointed to assist with our investigation.  

The investigation revealed that the zero-day vulnerability (CVE-2023-49103) was exploited on the ownCloud service which led to a criminal third party gaining access to this service.  

Status of our investigation 

We have determined that data was impacted with the majority of the files being non-sensitive and non-confidential information about our business.  

We have experienced no disruption to our services and confirm that the vulnerability has been contained and resolved. This is because our reliance on the ownCloud service was limited to the specific circumstances as explained above.  

We can confirm that there was data accessed and exfiltration of third-party data stored on the ownCloud service. Details of the incident were shared with the third parties on 29 November 2023 so that further investigations and notifications could take place. We are actively supporting those third parties affected and will continue to do so by providing clarity and information where required.      

Impact on other services 

The ownCloud application is in no way connected to our network or core systems and service offering. We have no reason to believe that our core systems have been impacted or that any access was gained into our environment(s) by unlawful third parties through this incident.  

We take the confidentiality, privacy and security of data and personal information very seriously. We have taken additional measures to increase monitoring and security protocols where possible and urge all customers and consumers to remain vigilant in respect of this zero-day vulnerability.  

Our investigations are still ongoing, and we thank you for your understanding and cooperation during this time. 

If you have any questions or concerns, please feel free to contact our head of legal and compliance at [email protected].  

You May Also Like

Electronic Signatures

Compliance is a tough nut to crack. But there are ways of making it much easier. Because efficiency and accuracy are so important in...

Electronic Signatures

Why eSign solutions matter in the medical sector  An eSign solution for the medical sector is no longer just a digital upgrade—it’s an essential...

Electronic Signatures

Why electronic signatures matter in retail The benefits of electronic signatures in retail go beyond just convenience—they empower businesses to drive efficiency, security, and...

Electronic Signatures

Understanding the difference between digital and electronic signatures is crucial for businesses navigating today’s digital landscape. The difference between digital and electronic signatures lies...

Electronic Signatures

Why eSign solutions matter for the Government  An eSign solution for the government is no longer just a luxury; it is an absolute necessity...

Electronic Signatures

In a remote-first world, IT Managers are expected to deliver seamless, secure, and legally compliant solutions across borders. One key question they face is:...

Electronic Signatures

Workflow automation is the process of using technology to streamline and automate repetitive tasks and complex processes, minimising the need for manual effort. With...

Electronic Signatures

A document audit log is a crucial tool for maintaining the integrity and security of digital documents. By tracking every action taken on a...

Electronic Signatures

A certified digital signature serves as a secure electronic stamp, providing assurance of the authenticity and integrity of a digital document or message. Essentially,...

Electronic Signatures

The automotive industry demands efficiency and accuracy to ensure a smooth process. With the rise of digital transformation, more automotive businesses are turning to...

Copyright © 2023 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.