Get the latest live chat benchmark data broken down by team size & industry

Read more

Security Incident on September 29, 2022

No customer confidential information and/or chats were exposed

October 6th, 2022, Vancouver, B.C – On September 29th, 2022, a security incident related to the Comm100 Agent Console desktop application was identified and mitigated by Comm100 security engineers. Although Comm100 has determined that no customer confidential information and/or chats were exposed during the incident, technical details about impacted computers may have been exposed, including:

  • the name of the affected host,
  • the username of the currently logged-in session on the affected host,
  • the Site ID of the Comm100 account, and
  • background process information such as process names, PID’s, session names, session numbers, and system memory usage.

Comm100 has determined the exposure window to have been limited to Windows computers running the Comm100 Agent Console Windows desktop application version v.10.0.8, between 11pm on September 27th, 2022 and 8am September 29th, 2022 PST. Windows users using v.10.0.8 of the Agent Console during the exposure window were exposed to a trojanized version of the application that exposed the above system information and may have installed additional malicious files. Information about the trojan and how to remove it can be found here.

The following were not impacted:

  • Organizations and users who were not using Comm100 Agent Console Windows desktop application version v.10.0.8 software during the exposure window
  • Organizations and users of the Comm100 Agent Console Mac desktop application, Comm100 Agent Console Web/Browser edition, and the Comm100 mobile applications
  • Organizations with firewalls that only permit whitelisted requests
  • On-premises platform users of Comm100.

Full mitigation of the incident (including threat quarantining and removal, security hardening of build and processing environments, and publishing a patch Agent Console Windows software v.10.0.9 which fixes the issue) was completed by Comm100 engineers on 8am September 29th, 2022 PST.

The root cause of the incident was determined to be a compromised Windows packaging server; conditions which led to compromise have been identified and remediated as part of Comm100’s security incident response process.

Organizations and users recognized by Comm100 as affected by the incident (~2% of Comm100’s install base) were promptly notified and provided with information necessary to identify and eliminate the risk.

The PCI and HIPAA compliance status of the processing environment has not been affected by the incident, and all material data processing remains in compliance with applicable laws, regulations, and standards.

Comm100 regrets any inconvenience resulting from this incident. Resilient and relentless, the Comm100 team has used this as an opportunity to learn and optimize and continues its ongoing commitment to data security, trust, and safety. For any questions relating to this matter, do not hesitate to email us at security@comm100.com.

[END]

 

ABOUT COMM100

Comm100 is a global provider of digital omnichannel customer engagement software for education, government and commercial organizations of all sizes. With Comm100, organizations can provide excellent digital customer experiences through configurable, value-driven live chat, secure messaging, AI powered bots and automation within one integrated console. Comm100 is powered by zero downtime, the highest standards in security, and AI automation, ensuring customers get answers anytime, anywhere. To learn more about Comm100, visit: www.comm100.com




COMM100 MEDIA CONTACT

Kate Rogerson

Content Manager, Comm100

kate.rogerson@comm100.com