TribeBlog

The morning of Thursday, November 26th the Onetribe host server experienced configuration errors which resulted in an open email relay, permitting spam emails to be sent from support@onetribe.nu

Our technical contact spotted this amazingly quickly and locked down the server and killed the mail queue – unfortunately many messages did make it through.

No actual customer data was compromised (we do not actually store ANY financial information on our server, simply your email and shipping information), so you may rest assured that even if you did receive some random spam from Taiwan, it is nothing more than a huge pain in the ass for you and us.

For those of you that did receive messages, I am very, very sorry that this happened. Please rest assured that we are working our asses off to figure out how this happened so that it will never happen again. Unfortunately with automated server system updates and general things-moving-at-the-speed-of-light nature of the internet, it is impossible to guarantee that everything is safe 24/7/365. There are literally thousands, if not near millions of automated systems constantly scouring the internet looking for vulnerable host computers (both commercial servers and your and our own personal computers) to do these sorts of things with.

Again, we are very sorry about any inconvenience this may cause. This has completely ruined our holiday break and we have been and will continue to be working diligently toward a resolution, and quite possibly a server move and full system rebuild just to be on the safe side. We understand that in doing business with us, you are entrusting us with your personal information, and we are both very sorry and determined as hell to make sure this never, ever happens again.

Jared and the Onetribe Team

UPDATE: We have identified the problem as having been a vulnerability with a specific facet of the shopping cart software (present in the actual software package) and not the server security itself. The issue has been resolved.