+3
Under review

Requesting Explanation for the Forced Password Reset on October 29th.

Jeff Sebestyen 4 months ago in BLOX CMS updated by Aaron Gillette (Marketing Director, TownNews) 2 months ago 2

At the end of October 2020 all my Admin users were forced to change their password, and it came rather abruptly with no real explanation as to why this took place, nor was there any forewarning that made this seem like a planned feature update.  Was there a data breach of some sort?  

Answer

Answer
Under review

Hi Aidian,


There was no system wide data breach.  We did see some suspicious activity we saw was limited to a few client accounts. Those clients were notified.

We decided that it was prudent to change all passwords and also institute more stringent passwords to protect our customers.   

Thanks,

Of course there was a breach of some kind.  Sudden password reset requirements along with disabling the ability to promote user to admin status in Blox.  There's not much else it could be.  


The question of course is what exactly happened.  It feels like an insult that TN hasn't felt an obligation to share some details with us.  Our entire operation relies on Blox and TNCMS -- a commitment that requires an enormous amount of trust in a partner company.  Not hearing anything from TN is likely as bad or worse than the initial incident.

Answer
Under review

Hi Aidian,


There was no system wide data breach.  We did see some suspicious activity we saw was limited to a few client accounts. Those clients were notified.

We decided that it was prudent to change all passwords and also institute more stringent passwords to protect our customers.   

Thanks,