Bulletin ID: ASEC-24-002
Date: Dec 12, 2024
Product / Component: Arduino web infrastructure
Summary
We have recently been made aware that a hacker published a set of information related to our infrastructure on a dark web forum. Our Security Team has investigated the claim and our incident response process has been immediately implemented.
To our knowledge, a leaked API access key has briefly been used to download PDF files representing certificates of completion of Arduino courses, which is not harmful information to our users. The leak was immediately remediated.
This exposure is related to a security incident that happened some months ago, to which we promptly reacted by taking adequate countermeasures. At the moment we have no evidence that the incident can result in harm to the security of our Arduino Web and Cloud services. We remain committed to provide the highest security standards and thank you, our community, for your trust and support.
Contact
If you encounter any issues or have questions regarding this security update, please contact our security team at security@arduino.cc.