Filecatalyst+leak

Attackers could gain access to the database or file storage to steal intellectual property.

If you use FileCatalyst Workflow, ensure you are running the following or newer versions:

A fast file-copying tool for Linux/Unix. When its daemon is misconfigured with "read only = false" and no "auth users" on a module (both are rsyncd.conf module parameters), anyone who can reach the daemon can list, download, upload, or delete files in that module without a password.
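The following is an added example, not code from the original page: the settings quoted above are parameters of rsync's daemon configuration, so this parses an rsyncd.conf and flags every module reachable without credentials, with the weak configuration beside a hardened one. The module names, paths, user name and network range are constructed for illustration. It honours two rsync defaults that matter here: "read only" defaults to yes, and parameters placed before the first module header act as defaults for all modules.

```python
"""Audit rsyncd.conf modules for unauthenticated read or write access."""
import configparser
from typing import Dict, List, Tuple

# Spellings rsync accepts for a false boolean parameter.
FALSE_VALUES = {"no", "false", "0"}

# Constructed sample (not a real host): [backups] is world-writable,
# [mirror] is world-readable, [staging] requires credentials.
WEAK_CONF = """\
[backups]
    path = /srv/backups
    comment = nightly dumps
    read only = false

[staging]
    path = /srv/staging
    read only = no
    auth users = deploy
    secrets file = /etc/rsyncd.secrets

[mirror]
    path = /srv/mirror
    read only = yes
"""

# The writable module again, now requiring a password and a source network.
HARDENED_CONF = """\
[backups]
    path = /srv/backups
    read only = false
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.20.0.0/24
"""


def parse_rsyncd_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse rsyncd.conf into {module: {parameter: value}}.

    Parameters before the first [module] header are global in rsyncd.conf;
    they are filed under "global" so configparser does not reject them.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       empty_lines_in_values=False)
    parser.read_string("[global]\n" + text)  # keys are lower-cased by default
    return {name: dict(parser[name]) for name in parser.sections()}


def audit_modules(text: str) -> List[Tuple[str, str]]:
    """Return (module, issue) for each module that needs no credentials.

    A module with no "auth users" accepts any client; combined with
    "read only = false" that is anonymous write, which is the case the
    page describes. Anonymous read-only modules are reported too so the
    operator can confirm they are intentional (public mirrors are).
    """
    modules = parse_rsyncd_conf(text)
    defaults = modules.get("global", {})  # global values are module defaults
    issues = []
    for name, params in modules.items():
        if name == "global":
            continue
        params = {**defaults, **params}
        writable = params.get("read only", "yes").strip().lower() in FALSE_VALUES
        authenticated = bool(params.get("auth users", "").strip())
        if authenticated:
            continue
        issues.append((name, "anonymous write" if writable else "anonymous read"))
    return issues


if __name__ == "__main__":
    for module, issue in audit_modules(WEAK_CONF):
        print(f"{module}: {issue}")
    print("hardened:", audit_modules(HARDENED_CONF))
```

The hardened module pairs "auth users" with a "secrets file"; under rsync's default "strict modes = yes" that file must not be world-readable or the daemon refuses to use it. "hosts allow" is defence in depth, not authentication, so the audit does not treat it as a substitute for "auth users".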

| Date/Time (UTC) | Event |
|-----------------|-------|
| | Customer A (a media studio) initiates a 120 GB video transfer using FileCatalyst Enterprise. |
| 2024-01-06 08:14 | FileCatalyst server creates a temporary object in the S3 bucket `fc-staging-prod-us-east-1`. |
| 2024-01-06 08:16 | An AWS CloudFormation script executed by the IT team mistakenly sets the bucket's ACL to `public-read` instead of the intended `private`. |
| 2024-01-06 08:20 to 2024-01-15 23:45 | Over 340 customers upload files ranging from 200 MB to 12 GB. All objects inherit the public-read ACL. |
| 2024-01-15 23:45 | Security researcher "CypherShade" discovers the bucket via an S3 bucket enumeration tool and posts the find on HackerOne (public disclosure). |
| 2024-01-16 01:20 | FileCatalyst's internal security team receives the HackerOne notification. |
| 2024-01-16 04:00 | FileCatalyst disables public access to the bucket, revokes all signed URLs, and initiates forensic collection. |
| 2024-01-16 12:00 | FileCatalyst notifies affected customers (first batch of 120). |
| 2024-01-16 18:30 | Full list of impacted customers (≈ 340) compiled; detailed data-exposure matrix prepared. |
| 2024-01-17 08:00 | FileCatalyst releases Patch 1.6.3 fixing the default bucket-policy handling in the management console. |
| 2024-01-18 10:00 | Public statement issued by Open Text, acknowledging the breach and outlining remediation steps. |
| 2024-02-02 | Independent third-party audit (Mandiant) publishes a post-incident report confirming root cause and recommending mitigations. |
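The root cause in the timeline is a bucket ACL set to `public-read`. As an added example (not code from the page, FileCatalyst or OpenText), the block below evaluates ACL documents in the shape boto3 returns from `get_bucket_acl` and `get_object_acl` (both share it) and applies the bucket's `PublicAccessBlockConfiguration` the way S3 does. No AWS call is made; the ACLs are constructed to match what the canned ACLs `public-read` and `private` produce, and the owner ID is a placeholder. One caveat for anyone reproducing the check: S3 evaluates each object's ACL on its own, so it has to be run per object as well as on the bucket.

```python
"""Detect public grants in an S3 ACL and apply Block Public Access semantics."""
from typing import Dict, List, Tuple

# The two predefined groups whose presence in a grant makes it public.
# AuthenticatedUsers means any AWS account, which S3 also treats as public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

OWNER_ID = "1" * 64  # constructed placeholder canonical user ID

# Constructed: what the canned ACL "public-read" produces, i.e. owner
# FULL_CONTROL plus READ for everyone. This is the state in the timeline.
PUBLIC_READ_ACL = {
    "Owner": {"ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER_ID}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

# Constructed: what the canned ACL "private" produces, the intended state.
PRIVATE_ACL = {
    "Owner": {"ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER_ID}, "Permission": "FULL_CONTROL"},
    ],
}

# Bucket-level Block Public Access settings, in the shape of the
# PublicAccessBlockConfiguration returned by get_public_access_block.
NO_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
FULL_BLOCK = {key: True for key in NO_BLOCK}


def public_grants(acl: Dict) -> List[Tuple[str, str]]:
    """Return (group, permission) for every grant to AllUsers or AuthenticatedUsers."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant["Permission"]))
    return found


def effective_public_grants(acl: Dict, block: Dict) -> List[Tuple[str, str]]:
    """Public grants S3 would actually honour for this bucket.

    IgnorePublicAcls makes S3 disregard public grants on the bucket and its
    objects even when an ACL carries them, so a bucket created with
    public-read under IgnorePublicAcls=true exposes nothing.
    """
    if block.get("IgnorePublicAcls"):
        return []
    return public_grants(acl)


def acl_write_rejected(acl: Dict, block: Dict) -> bool:
    """BlockPublicAcls fails PutBucketAcl, PutObjectAcl and PUT Object
    requests that carry a public ACL, which would have stopped the
    CloudFormation change in the timeline at deploy time."""
    return bool(block.get("BlockPublicAcls")) and bool(public_grants(acl))


if __name__ == "__main__":
    print("public grants:", public_grants(PUBLIC_READ_ACL))
    print("effective with no block:", effective_public_grants(PUBLIC_READ_ACL, NO_BLOCK))
    print("effective with full block:", effective_public_grants(PUBLIC_READ_ACL, FULL_BLOCK))
    print("write rejected under full block:", acl_write_rejected(PUBLIC_READ_ACL, FULL_BLOCK))
```

In CloudFormation the equivalent guard is a `PublicAccessBlockConfiguration` on the `AWS::S3::Bucket` resource with all four flags set to true; the same four settings can also be enforced at account level with `aws s3control put-public-access-block`, which covers buckets a template forgets.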