Status updates about an ongoing security incident.
Update Nov-17-2013 9:15PM EST: Site is back up.
Update Nov-17-2013 11:15AM EST: Work continues on our security improvements. We will have another update (at least) this evening.
Update Nov-16-2013 12:15PM EST: Work continues on our security improvements. We’re hoping to bring the site back up tomorrow, but it is not yet certain.
Update Nov-15-2013 6:30PM EST: We’ve completed our review of the attack. The intruder did not access our databases; no user information, algorithms, backtest results, etc. were compromised. The intruder was able to see information about our system and infrastructure. We are updating our systems and application so that this information will not be useful to the intruder in the future.
Our focus has turned to closing the security hole the intruder used and other security improvements. We are keeping the website offline while we implement the improvements. Unfortunately, this work will take many hours to complete. We expect to be back up in plenty of time for the market open on Monday, but will be down for at least part of the weekend.
Original post Nov-15-2013 10:20AM EST: We detected that an intruder had broken into our site early this morning. The individual was able to execute system commands on at least one of our servers and see internal files that he should not have. When the intrusion was discovered, we took down the website and closed all access to our system.
We are in the process of assessing what the intruder was able to do and see. We are also working on closing the vulnerability used by the attacker, and assessing what other vectors might be at risk. Our pilot trading group was notified earlier this morning. We are certain that no brokerage trading accounts were compromised; we don’t save those passwords, ever.
We are sharing this early information about the problem in the interest of transparency. We believe strongly that trust is earned, and transparency is required for trust.
This process will take at least several hours. We will update this blog post as new information becomes available.