At 11:14 am on Sunday 11th Feb 2018 a JavaScript file which is part of the Browsealoud product was compromised in a security incident. The attacker added some code to the file to use the browser CPU to attempt to generate cryptocurrency.
We have automated security tests for Browsealoud, and these detected the modified file.
As a security response Texthelp took the Browsealoud product offline and started a Data Security Incident Investigation. This has removed Browsealoud from all our customer sites effective 15:20 GMT Sunday 11th February, removing any risk of any of our customers or customers' users being impacted by the event.
The problem has been resolved. Browsealoud is being kept offline for 24 hours to allow us to communicate with our customers to ensure that they are happy with our response before we restore the service.
This only affects Browsealoud. No other Texthelp products have been impacted.
This incident has not affected any of the content or files on your website. The script runs on client computers.
The Browsealoud service has been temporarily taken offline and the security breach has already been addressed; however, Browsealoud will remain offline until Thursday, 15th February 2018 at 12:00 GMT. This is to allow time for our customers to learn about the issue and our response plan.
If you do not want Browsealoud to restart automatically on Thursday at 12:00 GMT, you can log into the Browsealoud Portal and switch the service off. This 72-hour deliberate period of downtime will be considered as downtime as part of your SLA, and you will be entitled to four additional free days of service at the end of your current term.
Please see this document for more details of how to disable Browsealoud.
The Browsealoud service will resume on your site at 12 noon GMT on Thursday 15th February 2018 unless you take action.
The malicious script did not target any user data. It uses CPU time on a computer to run algorithms that attempt to generate cryptocurrency. No website data or personal data entered by customers onto your websites has been affected.
Users may have received warnings from their anti-virus software, which will have blocked the script. Your end users will not have had any personal data risk.
If you visited a Browsealoud-enabled website between 11:14 and 15:20 on Sunday 11th February, the exploit may have used CPU power on your computer to generate cryptocurrency.
As soon as you closed or left the webpage, the script would have stopped running. There is no continuing threat to your computer after this. At no point was there any attempt to access personal data on your computer.
We would always recommend that you have up-to-date anti-virus software running on your computer as a general precaution.
If you have any questions, please contact datasecurity@texthelp.com
Questions sent to this address will be answered directly, and if appropriate added to the FAQ document.
At Texthelp we have started a Data Security Incident investigation. The attack was a criminal act, and a thorough investigation is underway. A security review will be conducted by an independent security consultancy. The investigation is ongoing, and customers will receive a further update when the security investigation has been completed.