A note to our community:
Over the past two days, we have actively updated you on the “credential stuffing” attack. We wanted to follow up with a note from our Co-founder & CEO, Adrian Graham, that provides a full recap of the incident and how we resolved it. Please read the note on our blog here.
A few important details:
Late on September 13, less than 0.5% of individual Seesaw users were subjected to a coordinated “credential stuffing” attack. These individual compromised accounts were then used to send a message with a link to an inappropriate image.
- Seesaw is safe to use. Within the first few hours of learning about the attack, we took swift action. We completely disabled messaging, blocked the attacker, made sure the image was removed and no longer accessible, and proactively alerted impacted users as well as our wider community through email, social media, and our public webpage. The incident has been resolved.
- Less than 0.5% of Seesaw users were affected. Seesaw blocked the attack swiftly to prevent the message from being distributed widely. We proactively reset the passwords of all accounts we know to have been compromised. We have also adjusted our detection and blocking rules to ensure similar attacks are prevented in the future.
- Seesaw was not compromised. The attack was a result of a coordinated attempt to guess individual user account passwords, sometimes known as a “credential stuffing” attack. In a credential stuffing attack, publicly available compromised emails/passwords that are re-used across services are used to gain access to individual user accounts.
- We have no evidence to suggest the attacker performed additional actions or accessed data in Seesaw beyond logging in and sending a message from compromised accounts. We are conducting a thorough investigation and will share updates if any new information is discovered.
We have taken a number of mitigation steps to prevent a similar attack in the future through refinements to Seesaw’s rate limiting, alerting, blocking, content detection, and login systems.
Thank you for your patience.
VP of Marketing at Seesaw