Account Security
Incident Report for Campaign Monitor
Resolved
The Campaign Monitor team has identified unusual login activity across a small number of customer accounts - 88 in total. At this time, the observed malicious behaviour is contingent with a bad actor having compromised credentials external to Campaign Monitor.

Campaign Monitor takes the security and integrity of our customers’ accounts very seriously. We employ a number of tools designed to help us identify unauthorized account access as quickly as possible, and we have procedures in place to quickly secure accounts that have been compromised, with as little disruption as possible.

We have taken a number of steps to protect our customers in relation to this event:

• A team of experts are analyzing the data we have available to determine the root cause of this activity. This is ongoing, and we will provide further updates as they become available

• We have used this data to implement new alerting tools, helping us identify further suspicious activity

• Our advanced fraud-detection tools learn from such behaviour, improving their ability to identify and respond to suspicious activity before an unauthorized user has a chance to take additional malicious steps

Customers should feel empowered to safeguard their personal information online. There are a number of steps you can take to reduce the likelihood that your login information online may be compromised. In particular:

• Be vigilant. When you receive an email, make sure you know (and verify) the sender. Do not click on links in emails from people you do not recognize or from email addresses that look suspicious.

• Use unique passwords everywhere. The more varied and longer your passwords, the less likely a bad actor will be able to guess them.

• Use Two-Factor authentication. Two-Factor authentication is a common tool used to add to the security of your online accounts – bank, work, email, and even social media. You can set up Two-factor authentication on your Campaign Monitor account by following the steps described here: https://help.campaignmonitor.com/two-step-verification

• Don’t share your credentials, even with your colleagues. Make sure any account you operate uses an email address unique to you, and we recommend avoiding using generic logins such as account@ admin@ office@ team@. Add and manage your users in Campaign Monitor easily: https://help.campaignmonitor.com/add-or-remove-people

Trust is a top priority at Campaign Monitor. As standard we utilise a variety of Security controls, such as 24/7 operational monitoring, Web Application Firewalls, unique identifiers for every single piece of data within accounts, and all data is fully encrypted.

For more information and guidance on security at Campaign Monitor, visit our Trust Page: https://www.campaignmonitor.com/trust/. We will continue to share information that is helpful to protect your accounts, but if you have any questions or need assistance, please do not hesitate to reach out to the Compliance team at compliance@campaignmonitor.com.
Posted Aug 25, 2019 - 22:15 PDT