Demo Site Vulnerability (2018-12-20)

• Status: Fixed 2018-12-20

We received a notification that our demo-site demo.humio.com exposed the email addresses of other users on the website. This was available in the ‘settings’ -> ‘members’ page for the GitHub data repository on demo.humio.com. No information other than email addresses was exposed – not names, IP addresses or any other information.

This issue is only for the demo website, not for any of our production services.

We only have concrete knowledge of a single incident where someone saw the list (the reporter of the incident, thanks!), but we cannot guarantee that someone else on the list has retrieved and stored it.

We have stopped the service of the demo site, and are fixing the code and configuration so that this does not happen again.

We are truly sorry this happened. Our team is reviewing all of our other processes and procedures to ensure no personal information is exposed elsewhere.