Industry Security Events Responses

The technology industry deals with security events on a regular basis. This article provides Dialpad's official response to such events to help you stay informed about how these major security events impact our products and services. If any events lead to incidents that impact customer data or require customer action, Dialpad will reach directly out to affected customers, and may post updates to our status page

Because of the sensitive nature of our investigations, not all details are posted to this help center. 

Date Affected Components Incident Details Dialpad Impact

03/22/22

Okta 

On March 22, 2022, Okta confirmed the screenshots posted online by hacking group, Lapsus$, were related to an incident that occured back in January 2022.

The hacking group had access to a support engineer’s laptop for five days. The engineer had admin access to perform functions such as resetting customers’ multi-factor authentication (MFA) and passwords.


Okta reached out to customers who have been impacted by this incident and may have had their data viewed or acted upon by the hacking group. 


Okta Investigation Link

Dialpad uses Okta internally to access applications using single sign-on (SSO).


Dialpad investigated possible effects to our Okta tenant. Dialpad verified Okta Support access was disabled and ran several queries on our Okta system logs for the last 4 months (creating/deleting accounts, password changes, MFA resets, policy changes, admin activity, etc.). No suspicious or unusual activity from Okta Support or Dialpad personnel was discovered in our Okta tenant. 


Also, Dialpad has not been contacted by Okta with any identified impact, but Dialpad will continue to monitor and investigate any new public reports that may affect us.

12/10/21

Apache Log4j2 

A suite of vulnerabilities was discovered in Apache Log4j versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) which dependent on configuration could lead to code execution or denial of service conditions.

CVEs Include:

Dialpad investigated possible effects to Dialpad products, infrastructure, and enterprise tooling. There were identified uses of Log4j2 libraries within Dialpad infrastructure and those were patched with emergency patches in each of the identified components. One other component that used Log4j was retired from an infrastructure pipeline upon identification. 


No end-user components were affected and no actions were required by customers.

Dialpad also performed a forensic analysis to determine if the vulnerability was used against Dialpad products and no instances were identified. 

07/02/21

Kaseya VSA

A supply chain ransomware campaign was executed against Kaseya’s VSA Software. 

Kaseya Notice Link

Dialpad did not identify any usage of Kaseya VSA products.


This incident does not impact Dialpad’s products or services 

03/09/21

Verkada Platform

Verkada’s platform was compromised by attackers and they accessed customer data, including video, of a subset of Verkada’s customers. 


Verkada Security Incident Report

Dialpad did not identify any usage of Verkada products and has confirmed that no Verkada products are used by its subprocessors providing physical facilities of our infrastructure or offices.


This incident does not impact Dialpad's products or services. 

12/13/2020

Solarwinds Orion and 

SolarWinds was the victim of a cyberattack to their systems that inserted a vulnerability (SUNBURST) within the SolarWinds® Orion® Platform. The vulnerability was identified as an Advanced Persistent Threat (APT) for the platform. 


Solarwinds Security Advisory

Dialpad did not identify any usage of the affected Solarwinds products. 


The incident does not impact Dialpad’s products or services. 

 

Related Resources:

Was this article helpful?

/