Industry Security Events Responses
- 30 May 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Industry Security Events Responses
- Updated on 30 May 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
- New
Article Summary
Share feedback
Thanks for sharing your feedback!
The technology industry deals with security events on a regular basis. This article provides Dialpad's official response to such events to help you stay informed about how these major security events impact our products and services. If any events lead to incidents that impact customer data or require customer action, Dialpad will reach directly out to affected customers, and may post updates to our status page.
Because of the sensitive nature of our investigations, not all details are posted to this help center.
| Date | Affected Components | Incident Details | Dialpad Impact |
|---|---|---|---|
03/22/22 | Okta | On March 22, 2022, Okta confirmed the screenshots posted online by hacking group, Lapsus$, were related to an incident that occured back in January 2022. The hacking group had access to a support engineer’s laptop for five days. The engineer had admin access to perform functions such as resetting customers’ multi-factor authentication (MFA) and passwords. Okta reached out to customers who have been impacted by this incident and may have had their data viewed or acted upon by the hacking group. | Dialpad uses Okta internally to access applications using single sign-on (SSO). Dialpad investigated possible effects to our Okta tenant. Dialpad verified Okta Support access was disabled and ran several queries on our Okta system logs for the last 4 months (creating/deleting accounts, password changes, MFA resets, policy changes, admin activity, etc.). No suspicious or unusual activity from Okta Support or Dialpad personnel was discovered in our Okta tenant. Also, Dialpad has not been contacted by Okta with any identified impact, but Dialpad will continue to monitor and investigate any new public reports that may affect us. |
12/10/21 | Apache Log4j2 | A suite of vulnerabilities was discovered in Apache Log4j versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) which dependent on configuration could lead to code execution or denial of service conditions. CVEs Include: | Dialpad investigated possible effects to Dialpad products, infrastructure, and enterprise tooling. There were identified uses of Log4j2 libraries within Dialpad infrastructure and those were patched with emergency patches in each of the identified components. One other component that used Log4j was retired from an infrastructure pipeline upon identification.
Dialpad also performed a forensic analysis to determine if the vulnerability was used against Dialpad products and no instances were identified. |
07/02/21 | Kaseya VSA | A supply chain ransomware campaign was executed against Kaseya’s VSA Software. | Dialpad did not identify any usage of Kaseya VSA products.
|
03/09/21 | Verkada Platform | Verkada’s platform was compromised by attackers and they accessed customer data, including video, of a subset of Verkada’s customers. | Dialpad did not identify any usage of Verkada products and has confirmed that no Verkada products are used by its subprocessors providing physical facilities of our infrastructure or offices.
|
12/13/2020 | Solarwinds Orion and | SolarWinds was the victim of a cyberattack to their systems that inserted a vulnerability (SUNBURST) within the SolarWinds® Orion® Platform. The vulnerability was identified as an Advanced Persistent Threat (APT) for the platform. | Dialpad did not identify any usage of the affected Solarwinds products. The incident does not impact Dialpad’s products or services. |
Related Resources:
Was this article helpful?
