The problem was quickly identified and action was taken to prevent any future logins being recorded in the open.
Splunk says that they have no reason to believe any information was exposed in the wild, the only ones with possible access to the data were a few Splunk employees with access to internal deployments.
In order to make sure no problem arises from this situation, they have reset all affected users’ passwords and cleared all affected users’ active sessions on splunk.com. Also, a new temporary password has been e-mail to the affected users.
Splunk recommends that users change this temporary password as soon as possible using the instructions below:
1. Point your browser to http://www.splunk.com
2. Click on the “Login” link in the top right corner of the page
3. Enter your splunk.com username and password that was emailed to you, then click “Login”
4. Once you are logged in, click on “My Account” in the top right corner of the page
5. Under “Email Address:” in the left hand column, click “Edit Login and Email Subscriptions”
6. In the “Password” section, enter the password that was emailed to you under “Old Password:”, choose a new password, and enter it under both “New Password:” and “Confirm New Password:”
7. Click “Save Changes”.