- Saasu was taken offline for just a little under 24 hours this weekend
- 2FA is now enforced on all accounts
- Further security enhancements have now been implemented
- Everything is running as per usual now
Over this past weekend, the technical team at Saasu detected a brute force attack on the platform. For those who are unaware, a brute force attack is where a hacker attempts to gain access by trying many different password combinations and guessing their way in. Rather than doing this manually, the perpetrators used sophisticated scripts to do so at scale. We were also alerted by a handful of customers, since we automatically lock an account if unsuccessful attempts are made on it.
We do not believe the system was compromised, since our audit logs show that email addresses that aren’t even in the Saasu system were also used as part of the brute force attack. The perpetrators may have obtained a list of email addresses that obviously also contains Saasu customers’ email addresses.
We took down the platform whilst this was occurring to apply emergency security enhancements, so the platform was down for a period of time late Saturday and the first half of Sunday.
The following features were implemented to further boost the security of the platform:
2FA – Two Factor Authentication is now mandatory for all users. From now on, when you log in you will be prompted to enter a 7-digit code that is sent to your email address. Only when this code is entered correctly will you be able to gain access to the Saasu platform. At this stage, the code is required on every successful login, but we are implementing a “Remember this device for 30 days” feature so you don’t have to do it every time.
IP Blocking – If numerous failed attempts occur, the system will automatically disable access from that IP address. So going forward, if you happen to forget your password, please don’t keep guessing it but rather follow the steps to reset it (to prevent the system blocking you).
Enforcing Password Update – We will also be enforcing password updates if passwords do not adhere to our password rules. This will mainly affect older accounts whose passwords may not yet adhere to these rules.
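
The account lock and IP block described above, replayed over login audit records as an added example (not Saasu's code); the thresholds, the `replay` function and the sample records are assumptions. It also counts how many of the targeted addresses are not customers, the audit-log observation mentioned earlier in this post.

```python
from collections import defaultdict

# Assumed limits; the post does not state the real thresholds.
IP_FAIL_LIMIT = 5       # failed logins from one IP before it is blocked
ACCOUNT_FAIL_LIMIT = 3  # failed logins on one account before it is locked

def replay(events, known_emails):
    """Replay (ip, email, success) audit records in time order.
    Returns (blocked_ips, locked_accounts, per-IP summary)."""
    ip_fails, acct_fails = defaultdict(int), defaultdict(int)
    ip_emails = defaultdict(set)
    blocked, locked = set(), set()
    for ip, email, success in events:
        if ip in blocked:
            continue               # policy: a blocked IP gets no more attempts
        if success:
            acct_fails[email] = 0  # a good login clears the account counter
            continue
        ip_fails[ip] += 1
        ip_emails[ip].add(email)
        if email in known_emails:  # only real accounts can be locked
            acct_fails[email] += 1
            if acct_fails[email] >= ACCOUNT_FAIL_LIMIT:
                locked.add(email)
        if ip_fails[ip] >= IP_FAIL_LIMIT:
            blocked.add(ip)
    summary = {
        ip: {"failures": ip_fails[ip],
             "distinct_emails": len(emails),
             "unknown_emails": len(emails - known_emails)}
        for ip, emails in ip_emails.items()
    }
    return blocked, locked, summary

# Constructed sample data (documentation IP ranges, made-up addresses).
KNOWN = {"alice@example.com", "bob@example.com"}
EVENTS = (
    [("198.51.100.20", "alice@example.com", False)] * 2   # forgetful user
    + [("198.51.100.20", "alice@example.com", True)]
    + [("203.0.113.7", e, False) for e in (               # list-driven script
        "alice@example.com", "carol@example.net", "bob@example.com",
        "dave@example.org", "erin@example.net", "frank@example.org")]
)

if __name__ == "__main__":
    print(replay(EVENTS, KNOWN))
```

A single address spreading its failures across many different emails, several of them unknown to the system, is what separates a scripted list from a customer mistyping their own password.
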
We believe these measures, together with a few other minor tweaks (in the coming week), will provide the extra security that is needed to ensure that Saasu customers’ files remain safe and secure. Your security & privacy are of the utmost importance to us.
If you have any questions, please don’t hesitate to contact us.