(no title)
nickpresta | 5 years ago
==EMAIL STARTS HERE==
Hello,
You may have seen an incident reported recently regarding a security breach at Tricentis Flood. We want to provide preliminary information about what has happened, what information was involved, and what steps we are currently undertaking to help protect you.
What Happened?
---
On 21 June 2020, automated systems detected a security breach of services provided by Tricentis Flood. We took immediate action to contain the breach and have since been carrying out further investigation, remediation and notification measures. The incident is reported on our Flood incident status page: https://status.flood.io/incidents/gsw7vx8cqxk5
This incident is also closely related to last week's strategic Cyber attacks on Australian authorities and businesses: https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-ta...
We believe the purpose of the attack was to steal customer data and credentials that allow Flood to orchestrate load testing infrastructure for customers through third-party cloud providers. These credentials are used by a subset of Flood customers who utilize our 'hosted' grid infrastructure.
What Information Was Stolen?
---
Potentially a cryptographic hash of your password has been obtained. While we use an irreversible hashing algorithm based on Bcrypt, we have already scrambled your password as a precaution. This means if you use username and password authentication to access Flood, you will need to reset your password.
Additionally, the API token that you use to programmatically access Flood may have been revealed. We have already rotated all users' API tokens to prevent unauthorized use.
The following specific user information may have been obtained from your account:
- This email address
- Your first name
- Your last name
- Your nickname
- Your company size
- Your employee role

Potentially the following specific account information has also been obtained:
- Your account name
- Your suburb
- Your state
- Your country
- Your postal or zip code
Next Steps
---
We cannot determine if any customer test data you have provided to us, in the form of test plans and supporting test data, has been obtained from your account. However, we are working on the assumption this has occurred. We will be introducing changes to the way we manage customer test data through the provision of configurable storage soon. This means we will be taking an alternative approach to persisting and encrypting customer test data. We do not plan to migrate any customer test data provided to us before this impending change.
We will release another notice to account owners via email and our status page when this change is made. We will also provide a way for you to obtain your test data, including the option to destroy it permanently.
We will be providing a detailed post-mortem of this incident at our blog, once we have completed these steps.
For More Information
---
For status updates regarding this incident, please subscribe to updates on https://status.flood.io
If you have any questions, please feel free to contact our team at support@flood.io
Thank you for your patience and support throughout this challenging issue.
==EMAIL ENDS HERE==