Unauthorized Users Added to Marketplace Vendor Accounts from Bug caused by Database Failover
An update has been posted
As communicated in the previous update:
- No billing details were accessed or changed by unauthorized users in any impacted vendor partner account
- No reports and transaction details were accessed or changed by unauthorized users in any impacted vendor partner account
- No new app versions were created by unauthorized users in any vendor partner account
However, we are continuing to investigate and enumerate all unauthorized access to any Marketplace Partner account’s contact information and app details. In the process, we have already reached out directly to a subset of impacted Marketplace partners to communicate the impact to them and will be reaching out to others as we progress.
As no billing details were accessed or changed by unauthorized users in any impacted Partner partner account, our finance teams have started to process the payments for the month of February (due in March).
Up to now we have prioritized understanding the full scope of potential unauthorised access to partner data and communicating this to partners above restoring access to Marketplace Partner admin functionality.
We are now evaluating options to safely restore access to Marketplace Partner functionality, and hope to be able to do this tomorrow ( 18 Mar 2021 ) for the majority of functionality.
We will keep you informed as we progress.
Thank you for your patience and continued support as we work through this sensitive matter.