Back to all posts

Security Incident November 15, 2013

Status updates about an ongoing security incident.

Update Nov-17-2013 9:15PM EST: Site is back up.

Update Nov-17-2013 11:15AM EST: Work continues on our security improvements.  We will have another update (at least) this evening.

Update Nov-16-2013 12:15PM EST: Work continues on our security improvements.  We’re hoping to bring the site back up tomorrow, but it is not yet certain.

Update Nov-15-2013 6:30PM EST: We’ve completed our review of the attack.  The intruder did not access our databases; no user information, algorithms, backtest results, etc. were compromised. The intruder was able to see information about our system and infrastructure. We are updating our systems and application so that this information will not be useful to the intruder in the future.

Our focus has turned to closing the security hole the intruder used and other security improvements.  We are keeping the website offline while we implement the improvements.  Unfortunately, this work will take many hours to complete.  We expect to be back up in plenty of time for the market open on Monday, but will be down for at least part of the weekend.

Original post Nov-15-2013 10:20AM EST: We detected that an intruder had broken into our site early this morning.  The individual was able to execute system commands on at least one of our servers and see internal files that he should not have.  When the intrusion was discovered, we took down the website and closed all access to our system.

We are in the process of assessing what the intruder was able to do and see.  We are also working on closing the vulnerability used by the attacker, and assessing what other vectors might be at risk.   Our pilot trading group was notified earlier this morning.  We are certain that no brokerage trading accounts were compromised; we don’t save those passwords, ever.

We are sharing this early information about the problem in the interest of transparency.  We believe strongly that trust is earned, and transparency is required for trust.

This process will take at least several hours.  We will update this blog post as new information becomes available.

The material on this website is provided for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation or endorsement for any security or strategy, nor does it constitute an offer to provide investment advisory services by Quantopian.

In addition, the material offers no opinion with respect to the suitability of any security or specific investment. No information contained herein should be regarded as a suggestion to engage in or refrain from any investment-related course of action as none of Quantopian nor any of its affiliates is undertaking to provide investment advice, act as an adviser to any plan or entity subject to the Employee Retirement Income Security Act of 1974, as amended, individual retirement account or individual retirement annuity, or give advice in a fiduciary capacity with respect to the materials presented herein. If you are an individual retirement or other investor, contact your financial advisor or other fiduciary unrelated to Quantopian about whether any given investment idea, strategy, product or service described herein may be appropriate for your circumstances. All investments involve risk, including loss of principal. Quantopian makes no guarantees as to the accuracy or completeness of the views expressed in the website. The views are subject to change, and may have become unreliable for various reasons, including changes in market conditions or economic circumstances.

Joshua Vayle

What can I do to help?

Come back and write an algo when we're back 😉 Thanks for the offer!

K0414

Hoping come back soon. Come on, guys! Great site!

Great transparency guys— very well done. It gives all of us faith that we don't have monkeys driving your service. Let us know how we can help.

Comments are closed.