Important notice: Data breach incident impacting Typetalk users (August 3, 2023)

At Nulab, we take our responsibility to protect your privacy very seriously.

We sincerely regret to inform you that an incident of unauthorized access to Typetalk’s log monitoring system has resulted in the leakage of certain information. As we investigate the issue further, we want to provide you with a comprehensive report on the incident, as follows:

Incident summary

Unauthorized access occurred in Typetalk’s log monitoring system, leading to the leak of log data.

Duration of occurrence

The unauthorized access took place from Friday, July 21, 2023, at 10:34 (Japan time) to Tuesday, August 1, 2023, at 11:30 (Japan time).

Event

Unauthorized access to access logs and application logs stored in the log monitoring system from July 3, 2023 (Monday) to July 24, 2023 (Monday) has been confirmed. Currently, the following information may have been leaked:

  • Email address
  • TypetalkToken used for Typetalk Bots
  • Client Credential used for OAuth 2.0 apps

We want to assure you that access logs and application logs do not contain confidential information, such as posted message content or password details.

We are currently investigating the full scope and impact of this unauthorized access and will promptly report to the relevant parties once we have comprehensive information. Our team is also taking necessary measures to prevent similar incidents from occurring in the future.

Current situation and countermeasures

We are committed to resolving this issue promptly and an investigation is currently underway to determine the scope and impact of this unauthorized access. As soon as we have any updates on the situation, we will communicate them to you without delay. Your data security is of utmost importance to us, and we sincerely apologize for any inconvenience caused.

Customers affected by this incident will receive individual notifications via email. We extend our heartfelt apologies for any inconvenience caused by this incident.

We understand the severity of this situation and are working tirelessly to rectify it. Your trust in us is invaluable, and we are fully committed to reinforcing our security measures to prevent any such occurrences in the future. If you have any questions or concerns, please do not hesitate to contact our support team.

Incident report and security measures

The cause of this incident stemmed from an adjustment to the firewall configuration of the log monitoring system. This system, originally accessible solely within Nulab’s internal network, became accessible from external networks due to this change.

In response to this issue, proactive steps were taken to rectify the situation. On Tuesday, August 1, 2023 at 11:30 a.m. (Japan Time), the firewall settings were revised to counteract unauthorized access and to prohibit any connections from the external network.

It’s important to note that the impact of this incident was limited to the Typetalk logs stored within the log monitoring system. No disruptions were observed in Backlog or Cacoo functionalities, as both remained unaffected by this event.

Measures to prevent recurrence and response

The following measures have been taken to prevent recurrence:

  • Access restrictions have been established on both the firewall and the log monitoring system, so that a multi-layered defense prevents unauthorized access even in the event of human error.
  • Unnecessary log output has been suppressed to prevent excessive information leakage in the event that unauthorized access does occur.
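One way to suppress credential-bearing log output of the kind this notice describes, shown as an added example and not Nulab's own code: it masks the query parameters named under "Scope of coverage" before an access-log line is stored. The combined-log-style format, the request paths and all sample values are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names taken from the notice's "Scope of coverage" list.
SENSITIVE_PARAMS = {"typetalktoken", "client_secret"}
MASK = "REDACTED"

# Request field of a combined-log-style line: "METHOD target HTTP/x.y" (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines; addresses, paths and values are not real.
SAMPLE = [
    '203.0.113.7 - - [10/Jul/2023:09:15:02 +0900] '
    '"POST /example/topics/1?typetalkToken=tok-constructed-123 HTTP/1.1" 200 512',
    '203.0.113.8 - - [10/Jul/2023:09:16:40 +0900] '
    '"POST /example/token?client_id=cid-1&client_secret=sec-constructed'
    '&grant_type=client_credentials HTTP/1.1" 200 301',
    '203.0.113.9 - - [10/Jul/2023:09:17:11 +0900] '
    '"GET /example/topics/1?count=20 HTTP/1.1" 200 2048',
]


def redact_target(target):
    """Return (redacted_target, names_of_redacted_params)."""
    parts = urlsplit(target)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS and value:
            hits.append(name)
            value = MASK
        pairs.append((name, value))
    if not hits:
        return target, hits  # untouched targets keep their original encoding
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits


def redact_line(line):
    """Mask credential-bearing query parameters in one access-log line."""
    found = []

    def _sub(match):
        target, hits = redact_target(match.group("target"))
        found.extend(hits)
        return '"%s %s %s"' % (match.group("method"), target, match.group("proto"))

    return REQUEST_RE.sub(_sub, line), found
```

The second return value lists which parameters were masked, which also lets the same pass over existing logs identify credentials that need rotation.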


Postscript

August 3, 2023 13:57 (Japan time)

In the interest of protecting user data and preventing secondary damage, the following information has been forcibly rewritten:

  • Token for a Typetalk bot with message read permission (read)
  • Client Secret for Typetalk Client app

As a result, bots and apps that read topics may experience disruptions. If you encounter any issues, please update the linked program with the new token or client secret.


August 4, 2023 15:18 (Japan time)

In the interest of protecting user data and preventing secondary damage, the following information has been forcibly rewritten:

  • Tokens for Bots
  • Token for developer-created apps

Scope of coverage

  • API requests made between Monday, 3 July 2023 (Japan time) and Monday, 24 July 2023 (Japan time).
  • Query parameter contained typetalkToken or client_id and client_secret
  • Bots and developer apps with read permission on the scope

Scheduled execution date and time

  • 2023/08/04 18:00 (Japan time)

This may have caused bots and applications that post messages to topics to stop working. If you find that this has occurred, we sincerely apologize for any inconvenience caused. To resolve this, kindly integrate the updated token or Client Secret into the program you are currently using.

Before proceeding with a token reset, please note you have the option to regenerate the token yourself through the bot or developer app settings page. This allows you to carry out necessary modifications beforehand.

For those customers who have been affected by this incident, individual notifications will be sent via email.


August 4, 2023 19:27 (Japan time)

The bot tokens and developer-created app tokens affected by this matter, for which customers were notified individually by email, were forcibly rewritten at the following time:

August 4, 2023, 18:00 (Japan time)


August 10, 2023 15:47 (Japan time)

We have inspected the logs for the affected period and found no evidence of unauthorized access, bots, or unauthorized use of the application by a third party.

  • No secondary damage has been reported from the affected tokens.
  • We obtained IP addresses from the access logs of the affected tokens, limited the location information, and confirmed that the access was permanent.
  • We investigated the affected tokens from their access logs and confirmed that there were no suspicious accesses.

August 16, 2023 17:30 (Japan time)

We have conducted a detailed internal investigation of the incident, and have added information on the cause of the incident, its countermeasures, and the scope of the impact.


August 22, 2023 16:17 (Japan time)

Recurrence prevention measures have been documented.
