rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_green
icon_orange
icon_red
icon_green
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#12818 — FS#17697 — Hosted Exchange Migration

Attached to Project— E-mail
Incident
exchange
CLOSED
100%
This communication exclusively concerns the Hosted Exchange offer

Hello,
We are currently migrating Hosted Exchange accounts to the new version of the Exchange 2016 platform. We are performing migration operations at night to limit any incidents regarding these technical operations.

We were contacted by one of our customers that shared with us a problem encountered during the synchronization of their address book. It appears that the customer was able to view the email addresses created on the Exchange servers.

After investigating, it seems that the customer connected via their Outlook client at the exact moment in which we began to proceed with the migration of their Exchange account.

The migration operation consists of several steps, and it turns out that between two specific steps in the process, it was possible for the customer to connect to the new infrastructure before the address book was isolated and migration completed from the old infrastructure.

At this precise moment, the server was susceptible of communicating the list of email addresses hosted on the Exchange platform in effect revealing the email address, the last name and first name of the Exchange account and mailing lists created by the later. In no case was the content of any email revealed nor the address books of each account.

After analyzing the logs, among the more than 130,000 customers, we have identified that 521 were connected during the migration process. Thus, it is possible some of them found themselves in the same situation as the customer that notified us. A certain number of these 521 users potentially had access to the e-mail address created on the platform.

No party had access this information, only these customers were susceptible to access it.

We have immediately revised our migration process to ensure the isolation of address books during the migration operation.

CNIL has been notified of the incident.

We apologies for the inconvenience and we invite you to inform users of your Exchange services of the incident. Furthermore, we ask you to remain vigilant as undesired email could be sent your addresses.

Our teams are at your disposal for any further information.

The OVH Exchange Team

Date:  Monday, 25 April 2016, 20:17PM
Reason for closing:  Done