FTP Security Alert



A handful of customers have reported that their music and log folders have suddenly disappeared. After inspecting the associated FTP log files, we were able to find a single common IP address associated with the deletion of files.

Although we cannot prove that the aforementioned IP address is the culprit, it is highly suspicious that a single IP address would be associated with the deletion of files across multiple systems.
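The log correlation described above, sketched as an added example that is not SoniXCast's own tooling: it groups FTP delete commands (DELE, RMD) by source address and reports any address that deleted content on more than one account. The log line format, account names and IP addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed format:
# "<timestamp> <account> <client-ip> <FTP command> <path>"
SAMPLE_LOG = """\
2018-01-10T02:14:07Z station-a 203.0.113.45 DELE /music/track01.mp3
2018-01-10T02:14:09Z station-a 203.0.113.45 RMD /logs
2018-01-10T02:20:31Z station-b 203.0.113.45 DELE /music/intro.mp3
2018-01-10T08:02:11Z station-b 198.51.100.7 STOR /music/new-show.mp3
2018-01-10T09:45:50Z station-c 198.51.100.23 DELE /music/old-jingle.mp3
2018-01-11T01:03:12Z station-d 203.0.113.45 RMD /music
2018-01-11T01:05:40Z station-c 192.0.2.10 RETR /music/live.mp3
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+([A-Z]+)\s+(\S.*)$"
)
DESTRUCTIVE = {"DELE", "RMD"}  # FTP delete-file and remove-directory commands


def deletions_by_ip(log_text):
    """Map each source IP to the accounts on which it issued a delete."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, account, ip, cmd, path = m.groups()
        if cmd in DESTRUCTIVE:
            seen[ip][account].append((ts, cmd, path))
    return seen


def cross_account_deleters(log_text, min_accounts=2):
    """Return (ip, accounts) for IPs deleting on >= min_accounts accounts."""
    hits = [
        (ip, sorted(accounts))
        for ip, accounts in deletions_by_ip(log_text).items()
        if len(accounts) >= min_accounts
    ]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))  # widest reach first


if __name__ == "__main__":
    for ip, accounts in cross_account_deleters(SAMPLE_LOG):
        print(f"{ip} deleted on {len(accounts)} accounts: {', '.join(accounts)}")
```

A single address deleting on one account is often the owner cleaning up; the signal here is the same address appearing in deletions across unrelated accounts.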

Needless to say, we have temporarily banned the IP network (belonging to Russia) pending a security review and are evaluating other points of exploit.

The impact has been limited to a small portion (at current count about 8) of retail customers located primarily in the Netherlands and South America. At this time, we find that producers in other regions (North America, Asia and the rest of Europe) have not been affected.

Out of an abundance of caution, all customers are encouraged to log in to the customer control area (www.sonixcast.com) and to change their passwords both on their account and on individual services.

Because of the limited scope of the event, we have no reason to believe that any wide-ranging exploit or brute force attack is occurring. FTP passwords are commonly shared by Producers for diverse reasons and we believe a bad actor with malicious intent might be the culprit. However, we highly recommend that all customers update their passwords just to be on the safe side.

***** UPDATE 2018/15/03 *****

We were contacted by Facebook and DHS over a month ago and told that the SoniXCast Producers Group (https://goo.gl/xHzsbN) was being targeted by Trolls, Hackers and Propagandists. We are cooperating with both organizations in order to weed out culprits and were instructed to make no announcements.

However, now that we feel the investigation has advanced far enough and innocent individuals are beginning to be affected, I feel it is my duty to inform all to tread cautiously (like elsewhere on Facebook) with the information and individuals in the SoniXCast Producers Group, especially where it concerns unofficial network or system announcements, as the majority of the Trolls and Propagandists investigated so far are tied to SoniXCast competitors.

Hackers will try to make direct contact, so I recommend taking extreme caution when sharing sensitive information (hostnames, ports, usernames, passwords and the like) with individuals in the SoniXCast Producers Group.

The only official channels for trusted corporate communications are our website (www.sonixcast.com) including the knowledgebase, announcements, emails from support and ticketing systems, our info blog (info.sonixcast.com) and the official SoniXCast Support Group (https://goo.gl/yquHLX). We are very transparent about our network and system availability, which can be viewed in real time at https://goo.gl/p3gzwf.

To demonstrate the gravity of the situation, last week a handful of customers had their streaming accounts hacked into and all data erased (no personal data was compromised as that sits in a separate highly secure area with no access to the internet). With the help of diverse government agencies, we were able to locate the attackers and alert the local authorities. More info here: https://goo.gl/wrsvhA

We view the SoniXCast Producers Group as a discussion group where producers can help each other and exchange ideas. The support team will NOT monitor the SoniXCast Producers Group for support issues. For support, use the aforementioned official channels of communication. However, Vincent Reilly will continue to administer the group and forward possible support issues on to the main support team.

IMPORTANT: Those who rant or make outrageous claims should be treated with extreme caution as the threat is ONGOING and there are many eager to make your life difficult. Let common sense prevail.
