Dear Slidely and Promo community,
I''m writing to notify you about a targeted breach of some of our servers which hold some of our customers' account information but do not include any financial data. Whilst the issue has been identified and resolved, we continue to work closely with cybersecurity experts and relevant authorities and have already implemented further security measures and features.
This message provides important information. We would like to apologise sincerely for the inconvenience caused.
What we know
On July 21, 2020, our team became aware that a data security vulnerability on a third-party service which affected many companies had caused a breach affecting certain non-finance related Slidely and Promo user data. We immediately launched an internal investigation to identify what had occurred and to take all necessary steps to protect our customers.
What information was involved
First and foremost, no financial data such as credit cards and billing information, was accessed as we never store this information on our servers.
The breached servers held the following data: first name, last name, email address, IP address, approximated user location based on the IP address, gender, as well as encrypted, hashed and salted passwords to Slidely and Promo. Your account password was hashed and salted (a method used to secure passwords with a key), however, it is possible that it could subsequently have been decoded.
What we are doing about it
We have acted immediately and are taking this incident and the security of your information extremely seriously. We are protecting you and the rest of our community in the following ways:
- We are sending you this update with recommendations on what you should do
- We have completely removed the vulnerable third-party service from our platform
- We've hired a leading cybersecurity specialist to further review and reinforce our protections
- We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts
What you should do
As an immediate precautionary measure, you should reset the password to your Promo or Slidely account as soon as possible. To do so, please use this link: https://promo.com/forgot and follow the instructions there.
Also, if you have been using the same or a similar password for other online accounts, we strongly recommend you change those passwords to protect those accounts as well. For your convenience, please check out the best practices here.
For more information
Should you want any additional information or would like to connect with our team contact us at support@promo.com. We are working around the clock and are here to help and support you.
Sincerely,
Tom More, CEO