What happened

• Last Friday (September 20th) there was an incident in which emails about accepted findings were massively sent.
• We are currently finishing the implementation of the functionality which allows setting a time limit for the acceptation of findings on the platform.
• The final step of this functionality is to assign a maximum time of three months to all existing findings that have already been accepted. In the process of performing the latter, due to a programming error, the acceptation emails were sent again and multiple times.
• The programming mistake that was made allowed the script that updates the acceptation dates of findings to be executed repeatedly and without notice from a development workstation.

What we’ve done

• As of today (September 23rd), the programming errors have been solved and the emails will not be sent again in this process.
• To avoid future occurrences of this type, we have restricted the credentials that we used to send all the emails, so now a double check is needed to send any of them.

What’s the impact

• Approximately 100,000 emails were sent to customers. The users that were affected the most were those who had several projects with assumed findings, receiving up to 1100 emails.
• No finding that had not previously been accepted was modified, nor were their justification and treatment manager modified.

What we are doing to help
With this announcement, customers are being notified that this does not represent a security threat and was only an internal error.