Blog > Announcements > Articles
Security Incident on November 13, 2020
Table of Contents
Dear Liquid customers,
This is Mike Kayamori, CEO of Liquid.
Today, I wanted to personally inform you of a recent security incident and data breach that affected Liquid.
On the 13th of November 2020, a domain hosting provider "GoDaddy" that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.
What have we done, and what will we do?
After detecting the intruder we intercepted and contained the attack. Immediate action was taken to prevent further intrusions and to mitigate risk to customer accounts and assets. Before notifying customers we wanted to be sure that we understood the situation and its possible impact to you.
Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised.
We have informed relevant regulatory bodies of the breach and we will continue dialogue with them over the coming days.
We will continue to review our infrastructure and take steps to bolster security with our technology partners.
What personal information may have been accessed?
We believe the malicious actor was able to obtain personal information from our user database. This may include data such as your email, name, address and encrypted password.
We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded.
What are the potential consequences?
When a malicious actor obtains your personal information, there is an increased risk of identity theft.
It is also possible that you may experience an increase in spam email and phishing attempts. Phishing attempts may be more sophisticated and difficult to detect when a malicious actor has access to your personal information.
What you should do
We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience. More detailed instructions are published via Liquid Help Center.
If you are unable to change your password or 2FA please contact our Customer Champions on email@example.com for assistance.
As a precautionary measure and consistent with ordinary good practices, we recommend that you remain vigilant by reviewing your financial account statements and credit reports closely, using a password manager to update your passwords frequently, and exercising caution with any emails that ask you to provide any personal information. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained.
You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities.
For further information and assistance in connection with your personal data, please contact firstname.lastname@example.org
We are extremely embarrassed at this compromise of personal information that commenced with a breach external to Liquid. We have always taken pride in our security of client data & assets to date, and this incident will encourage Liquid more than ever to raise the bar.
Once again, I apologize deeply for this humbling data breach and the loss of confidence that you may have. I assure you that we will be better and stronger and appreciate your continued support of Liquid.