Connect with us

Hi, what are you looking for?

Cyber Incident 2023

ownCloud Cyber Incident 2023

General communication on incident05 December 2023

Subject: Notification of ownCloud cyber incident

The ownCloud application and details of the incident  

Following the recent incident where a criminal third party unlawfully obtained access to an isolated ownCloud server hosted by SigniFlow (Pty) Ltd (South Africa), we are providing a further update on our investigation.  

ownCloud is a self-hosted file synchronisation and sharing platform used for storing, sharing, and accessing files. The solution is similar to other cloud services such as Google Drive or Dropbox.  

On 21 November 2023, ownCloud disclosed a zero-day vulnerability (CVE-2023-49103) of their platform. We understand that the vulnerability enables the unlawful and unauthorised intrusion of an ownCloud server.  

Our use of the ownCloud application was limited to the storage of certain company information and the sharing of software update files between internal teams. The ownCloud service was also in use by two clients who opted to use it for uploading documents, limited to support functions, outside the normal support channels. 

On 28 November 2023, we received suspicious alerts from the ownCloud service in respect of data access and deletion that was actioned without authorisation. We immediately investigated and took action to isolate and take the affected ownCloud service offline. An investigation was initiated to understand the scope of the incident. External legal and forensic specialists were appointed to assist with our investigation.  

The investigation revealed that the zero-day vulnerability (CVE-2023-49103) was exploited on the ownCloud service which led to a criminal third party gaining access to this service.  

Status of our investigation 

We have determined that data was impacted with the majority of the files being non-sensitive and non-confidential information about our business.  

We have experienced no disruption to our services and confirm that the vulnerability has been contained and resolved. This is because our reliance on the ownCloud service was limited to the specific circumstances as explained above.  

We can confirm that there was data accessed and exfiltration of third-party data stored on the ownCloud service. Details of the incident were shared with the third parties on 29 November 2023 so that further investigations and notifications could take place. We are actively supporting those third parties affected and will continue to do so by providing clarity and information where required.      

Impact on other services 

The ownCloud application is in no way connected to our network or core systems and service offering. We have no reason to believe that our core systems have been impacted or that any access was gained into our environment(s) by unlawful third parties through this incident.  

We take the confidentiality, privacy and security of data and personal information very seriously. We have taken additional measures to increase monitoring and security protocols where possible and urge all customers and consumers to remain vigilant in respect of this zero-day vulnerability.  

Our investigations are still ongoing, and we thank you for your understanding and cooperation during this time. 

If you have any questions or concerns, please feel free to contact our head of legal and compliance at [email protected].  

Print Friendly, PDF & Email

You May Also Like

Electronic Signatures

When it comes to digital and electronic signatures, you have plenty of options to choose from. However, it’s important not to overlook the small...

Electronic Signatures

Electronic signatures have become essential to any business as they provide security, convenience and efficiency in various business transactions. A comprehensive understanding of the...

Electronic Signatures

SigniFlow’s Digital Signing and Sealing Service (DSS) automates large volumes of trusted digital signatures or seals for your company, software application or individuals using...

Electronic Signatures

Generating a substantial amount of reliable digital signatures or seals may appear daunting, especially given the potential for human error. SigniFlow’s Digital Signing Service (DSS)...

Electronic Signatures

Make 2024 the year to catch up and get it done! Prioritise, digitise and automate your document workflows with SigniFlow. Get more done in...

Electronic Signatures

SigniFlow provides software that keeps on giving, and this is because this software solution is more than just an e-signature platform. It’s a powerful...

Copyright © 2023 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.