Siena experienced a minor incident on March 26, 2024 affecting API, lasting 15m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating May 21, 2024, 01:25 PM UTC
We have identified and are currently examining a situation involving a limited and temporary visibility of credentials within our documentation process. This matter was promptly detected, and our initial review confirms that there has been no unauthorized access or data compromise.
- resolved May 21, 2024, 01:27 PM UTC
As previously communicated, we identified and promptly addressed an incident where certain credentials were temporarily visible due to a documentation process anomaly. We immediately took steps to secure the affected credentials and initiated a thorough investigation.

Resolution Details:

Swift Remediation: The exposed credentials were quickly secured, and we have verified the integrity of our systems to ensure no unauthorized access occurred.

Enhanced Security Measures: We have implemented additional security protocols and checks to further safeguard our platform against similar incidents.

Comprehensive Review Completed: Our in-depth analysis has concluded, reaffirming that no data was accessed, altered, or lost. This incident was contained and resolved with no impact on our users or their data.
- postmortem May 21, 2024, 01:31 PM UTC
[Post mortem summary posted on April 6th, 2024 - 06:00 AM UTC]

Security Incident Summary - SIAI-1003

A complete post mortem of the incident can be found here: [https://docs.google.com/document/d/1j4pB9a9sLt6cLXkHNWT8LyRGBShsZgXDUDwo3lVrI_8/edit#heading=h.cohx1boyks0w](https://docs.google.com/document/d/1j4pB9a9sLt6cLXkHNWT8LyRGBShsZgXDUDwo3lVrI_8/edit#heading=h.cohx1boyks0w)

Incident Overview: On March 27, 2024, Siena AI was alerted by an anonymous penetration testing group to a security vulnerability involving inadvertently exposed login credentials in an internal documentation video. This issue affected a total of 22 customer helpdesk accounts across Gorgias, Zendesk, and Kustomer platforms.

Immediate Actions Taken: The compromised video was removed and all related content was secured. Passwords for the affected and all Siena AI customer accounts were reset. Customer passwords were transitioned to a secure password manager. An internal audit confirmed no unauthorized access or data compromise. Full transparency was maintained through timely updates on our status page.

Incident Analysis: The exposure was traced back to an oversight in our content review process, specifically within customer support documentation and training materials, and password management protocols.

Post-Incident Response: Secure storage solutions were adopted for all documentation. A mandatory security training for employees was conducted from March 28 to April 3, 2024. A new Security Manual and updated onboarding processes were introduced. A content review committee was established to oversee the publication of all public-facing materials.

Future Preventative Measures: Siena AI is enhancing its security measures by implementing automated scanning tools for sensitive information, strengthening access control and encryption, and fostering a strong security culture among employees.

Conclusion: This incident highlights the critical importance of rigorous security practices. Siena AI remains steadfast in its commitment to safeguarding data and upholding the highest security standards.