BrowserStack HACK ATTACK: Service still suspended after rogue email

Browser testing service BrowserStack has temporarily suspended its services while it recovers from a "hack attack" by someone apparently bent on discrediting the security of the widely used tool. "We did get hacked. Currently sanitising entire BrowserStack, so service will be down for a while. We're on top of it and will keep …

  1. Shell

    Triage

    I can understand them scrambling to ensure their network & service is actually still viable, I'm fairly confident their marketing folks aren't part of that - and surely right now a few reassuring words on social media would go a long way to triaging the damage. The lack of response, beyond a couple of content-free tweets, isn't helping at all... Their audience is primarily developers. Some immediate transparency would go a long way.

    It's a great service, I make a lot of use of it.

    1. Alister

      Re: Triage

      > a few reassuring words on social media would go a long way to triaging the damage

      WHAT THE FUCK

      I don't think Triage means what you think it means...

      Just FYI:

      Triage (verb) the determination of priorities for action in an emergency.

    2. Anonymous Coward

      Re: Triage

      > The lack of response, beyond a couple of content-free tweets, isn't helping at all...

      Isn't helping what? Restore their services? Find out how this happened? Who did it? I'm sure spending time posting more information they don't have will really speed things up.

      > Their audience is primarily developers

      So...? Does that make the audience special somehow?

    3. Salts

      Re: Triage

      I have worked with companies that do the autopsy first, then the recovery. It is stupid: you're not dead yet, recover then report.

  2. Shell

    Yikes, calm...

    I know what 'triage' means. And I know you have to take stock, prioritise and fix. At the same time you need to communicate. There's been zero information from them in 2 hours, for a service some folks rely on. There are two different things to triage here - the system and the perception of the service. Do you ever actually have to deal with users? They're really easily scared.

    "So...? Does that make the audience special somehow?" no, just means a mildly technical explanation of what they're doing about the breach would not be unreasonable, that was all :/ jeeze.

    I've heard from several less technical folks throughout the day how "must not use browserstack, they've been hacked" and "leaked all our details"; half-truths and rumour must be wrecking their rep right now.

    1. Alister

      > There are two different things to triage here - the system and the perception of the service

      You still don't seem to understand what triage means.

      Triage means assigning priorities to multiple things in the most effective manner, so yes you have two things, as you say: the (broken) system, and your users' perception.

      So you assign a priority to each:

      1/ fix the broken system

      2/ manage users' perceptions.

      That is Triage.

      I actually agree that maybe whilst the technical guys deal with the problem, some of the management and sales types could do a bit of communication. But, as others have said, if there is no information, how do you disseminate it?

      Which is worse from a user perspective? No information from the company, or a tweet saying "Everything's broken and we don't know why yet"?

      1. Anonymous Coward

        > Which is worse from a user perspective? No information from the company, or a tweet saying "Everything's broken and we don't know why yet"?

        No, it's "we're aware of an issue (+ facts), and are currently investigating". That's pretty basic media management which should be part of Business Continuity planning. That way, you stop rumours which breed 100x faster in a vacuum of information. You also stipulate a time when you will provide a first update, and you stick to that, even if you don't have anything new to report yet.

      2. Anonymous Coward

        > Which is worse from a user perspective? No information from the company, or a tweet saying "Everything's broken and we don't know why yet"?

        No information from the company is clearly worse.

        If they need to tweet "Everything's broken and we don't know why yet", that's ok. They need to keep communicating as they investigate too, to set (even rough) expectations for when customers can resume using the service.

  3. snehalpatel

    Automate & Screenshots are up and running. Live will be up soon.

    Automate and Screenshot services are up and running. Live will shortly be up as well. We will email all users with the entire analysis soon. Thank you for your patience.

    -Snehal @ BrowserStack

  4. max allan

    I bet there are a lot of people suddenly wishing they'd spent more time looking at the little-documented "-only" option to keep "local BrowserStack" tests restricted to the ports you tell it to access and not giving it unrestricted access. (Kind of makes you wonder why you need to specify the ports in use when it gets all of them anyway.)

  5. pkrumins

    I'm very sad to hear that BrowserStack were hacked and their service is down for the time being. If anyone is looking for an immediate cross-browser testing solution, try Browserling (https://www.browserling.com). Browserling is lightweight, it doesn't use Flash or Java, and it provides ssh tunnels for local network testing. Try it out!

    Full disclosure: I'm the co-founder of Browserling. We love our customers and our customers love us.

  6. snehalpatel

    All the BrowserStack services are now up and running

    All BrowserStack services are now up and running. We are keeping a strong check on the system and will email all users the entire analysis.
