We're Back

On Friday (Nov-15-2013) morning, an intruder was able to gain enough access on our website to run some unauthorized code. The intruder did not access our databases; no user information, algorithms, backtest results, etc. were compromised. The intruder was able to see information about our system and infrastructure. This information could have been used to gain further access to our systems and data, but we have modified our security systems to prevent that.

When we identified the attack, we took down the website and shut down all access. We analyzed our logs of the incident, including logs maintained by separate vendors that we use. We are confident that we understand the extent of the attack and the attack vectors that were used. We will put up a more detailed, technical postmortem in a few days.

People regularly attempt to gain access to our servers. Some of the attacks are minor - people rattling the door to see if it’s locked. Other attackers are more serious and try increasingly sophisticated methods to get access. We log them all, and we respond with both automation and human intervention, and follow up as appropriate. This particular attack was noteworthy because the attacker actually got somewhere that he shouldn’t have been able to. Even though the attacker didn’t get any information of value, we view the breach as very serious and we have addressed the vulnerability the attacker exploited. We are working very hard to prevent any future incidents.

We view security as an ongoing concern - the work is never done. We anticipated that as we became more visible, we’d become a more tempting target to attackers. We mapped out plans to increase our security measures as our threat profile increased. In light of the attacks of the last few weeks, we have accelerated the implementation of additional security measures. That work is continuing at a high priority.

We’ve said this before, but it is very important and bears repeating: The protection of our members’ intellectual property is one of our core promises, and we take it very seriously. We want our members to trust us with their intellectual property. We believe that the best way to earn your trust is by being transparent with you about Quantopian. We hope that we can continue to earn your trust, even when we are sharing unpleasant news.

If you have any questions or concerns, please let us know. We always reply to email received at [email protected]. We monitor [email protected] for emails concerning our security. You are always welcome to reach me personally at [email protected].

Sincerely,

John Fawcett
CEO and Co-Founder
