First off, the Campaign Monitor team wants to thank the overwhelming number of people who expressed sympathy and support after we announced yesterday that our service had been attacked and some accounts compromised. While we accept full responsibility for the situation, we really appreciate your encouragement after what has been a very long last few days.
Some of you quite rightly were upset that this could ever happen, which is completely understandable, and this follow-up post is to give you an idea of how we are going to move on from here. At the bottom of yesterday’s blog post I have added a few answers to questions that came up in the comments, so definitely have a read of that.
As we continue to work with our security consultants and database consultants, we expect to identify some changes that could defend against future attacks. Although it may seem a bit like proverbially shutting the barn gate, we are committed to always protecting your data and that process will be ongoing.
So over the next few days and weeks as we focus primarily on security, some highly requested features may be held back a little. The first change which will directly impact you guys is that we’ll be asking you all to change your passwords.
This is not because we think they are compromised, but during our investigation it became clear that a lot of account passwords were not as strong as they could be. Our systems being completely locked down won’t help if your password is easily guessed. You can log in and change your password yourself now, but at some time in the next week we’ll be getting everyone to update to a stronger password. Look out for a blog post when that is about to happen.
As soon as we have any more information about the initial attack, the actual actions of the hacker or any changes that might impact your usage of Campaign Monitor, we will pass it on.