Neural DSP issues statement on data breach affecting 3,300 Quad Cortex users
Neural DSP says the breach gave away the WiFi names and passwords of more than a handful of users.
Image: Neural DSP
Neural DSP has issued an official statement on a recently uncovered data breach, which affects approximately 3,300 Quad Cortex users.
The statement was published on 24 April 2023, three days after the company noticed a security vulnerability on the Quad Cortex that “granted exploiters temporary access” to the email account it used to collect reports and logs from users of the popular floor modeller.
“On Friday April 21st we were alerted to an unsuccessful login to the email account we use to collect reports and logs sent from Quad Cortex. This turned our attention to a security vulnerability on Quad Cortex that to the aforementioned email account,” the company wrote.
“This exploit was immediately fixed internally, meaning no further access is possible,” it added.
The data breach is said to affect “approximately 3,300 names and email addresses”, making them visible to a “small number of individuals” taking advantage of the exploit.
Of further concern, Quad Cortex is also said to record the names and passwords of WiFi networks it connects to – up to the point of a factory reset – along with the WiFi passwords of users who’ve sent in a crash report after a system failure. “Unfortunately this data was not encrypted,” Neural DSP wrote.
“We identified approximately 430 users affected by this. This issue has been fixed in CorOS 2.0.2 [the upcoming version of the floor modeller’s OS] and Quad Cortex will no longer record the passwords of WiFi networks in the crash logs.”
Neural DSP is currently beta testing CorOS 2.0.2 internally, and plans are to launch the update by this week. Until then, however, Quad Cortex is unable to send new reports or logs.
Douglas Castro, CEO of Neural DSP, also took the opportunity to apologise to users in the statement.
“I apologise deeply for this inconvenience and our oversight,” he said. “We value our users’ privacy above anything else and we were devastated to learn of this vulnerability being exploited. We will be doing everything possible to deeply evaluate our systems and Quad Cortex to ensure nothing like this can happen again.”
If you have questions, or have been affected by the data breach, you can contact support@neuraldsp.com.