Important Update: Security Incident and Our Response

Zahara Trial Account Email Feature Exploit

At Zahara, your security and trust are our top priorities. On October 18, 2024, we identified an issue involving the misuse of the “Send Test Email” function within a few trial accounts. This exploit resulted in the sending of a large number of inappropriate emails to external recipients.

Our team, led by Head of Technical Operations Nick Hedley-Harper, quickly acted to secure the affected accounts by locking them and resetting their access. Over that weekend, Nick, Martin Peirce (CEO), and James Godden (Sytems Architect) worked closely with SendGrid to investigate the incident thoroughly. After our investigation, we confirmed that approximately 250,000 emails were sent due to this exploit. Unfortunately, this led to a temporary decline in our email sending reputation.

What We’ve Done to Address the Issue

We’ve already implemented several measures to prevent this from happening again. These include:

  • Blocking the creation of new trial accounts by temporarily restricting changes to our tenancy database.

We re-activated customers whose tenancies expired during the weekend, and our team is handling this within our database.

Our Ongoing Commitment

While the exploit did not affect any customer data, we have received several emails from recipients (not customers) who were understandably concerned by the spam messages. Nick has personally responded to these inquiries, and we are grateful for the understanding shown by most recipients.

For anyone who continues to receive emails from affected recipients, we ask that you handle these with care and professionalism.

Looking Ahead

We are treating this situation as a top priority and remain committed to full transparency as we continue to monitor it closely. Our team is working around the clock to ensure that such incidents do not happen again.

We sincerely appreciate your patience and support as we resolve this issue. Your trust means everything to us, and we are taking every measure possible to safeguard your experience with us moving forward.

 

If you have any concerns or require assistance, please do not hesitate to reach out to our support team.

 

Thank you,

Zahara Team

Previous

What Does a Healthy PO System Looks Like

Next

The Budget: Zahara’s Take