The incident did not put customer data stored in Lyyti at risk in any way, and no Lyyti users were affected. No further actions are required.
Lyyti's portal user interface, the site that Lyyti users use to manage events, included the Polyfill JavaScript library so that Lyyti could support older web browser versions. The domain associated with the Polyfill library, polyfill[.]io, was part of a supply-chain attack starting on 25th of June. The attack redirected targeted users to inappropriate gambling and adult content websites.
There is no indication or evidence that Lyyti users were targeted. The attack was mitigated by the domain registrar Namecheap when they took down the affected domain on 27th of June. Following the incident, Lyyti's service was modified to remove all Polyfill functionality.
In keeping with good and transparent information security reporting practice, we still wanted to share this information. No further actions are required.
More details about the incident can be found in multiple sources on the web, for example here: https://thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html
Read more about currently supported web browsers