To Our Valued Customers and Partners,
On Monday, December 5, 2016, at 15:57 PST, we prepared and deployed an update for our iOS and Android app notification services. The update contained a bug, which we failed to detect in our QA process before releasing. This particular bug caused push notifications intended for certain Stripe accounts to be sent erroneously to 929 users. This bug was quickly reported by one of our customers, the issue was then immediately escalated to our engineering team, who quickly diagnosed the error, and rolled back the code that contained the bug. The incident from the time of first response to resolution lasted approximately 10 minutes.
No Control user accounts or Stripe accounts were hacked or compromised during this timeframe. However, in the 10 minute window when we worked to diagnose and rectify the bug, the push notification messages sent may have exposed information such as:
- Customer emails
- Charge amounts
- Transfer amounts/descriptions
- Plan names
We have since installed a secure safeguard to ensure that this incident, and similar incidents, will not occur again.
Data security is tantamount at Control, and an utmost priority we consider to be at the core of our engineering practice. I sincerely apologize if any of our valued customers felt that the security of their data was compromised. We were able to isolate the issue quickly and rectify any alerts that were erroneously misdirected, within a very short timeframe. At no time during the incident was there any breach to individual Control accounts nor their Stripe accounts.
After we conclusively resolved the bug with push notifications, we then conducted a thorough post-mortem analysis of the release. From our assessment of the incident, we have developed more robust systems and controls to continue to build a product that exceeds the security standards of our customers, and our partners, and to allow us to avoid errors of this nature in the future.
Again, please accept my sincere apologies for this incident. Our customers’ and partners’ trust is a quality we deeply value at Control, and if you have any additional questions please feel free to contact me directly.
CEO & Founder | Control