BrowserStack hacked, but it’s not shutting down

BrowserStack, the popular cross browser testing service used by over 25,000 customers around the world, including Microsoft, eBay, Adobe, Wikipedia and many others, has suffered a breach but is not shutting down.

An indication that something went wrong came in the form of the following email sent to the service’s customers:

BrowserStack has confirmed that they weren’t the ones who sent the email.

“We did get hacked. Currently sanitising entire BrowserStack, so service will be down for a while. We’re on top of it & will keep you posted,” they initially wrote on their Twitter account. They added that the hacker’s access was restricted solely to a list of email addresses.

They haven’t commented on the email sender’s claims but promised they will post a post-mortem of the attack. “Currently efforts are focused on getting the service back on track, and protecting user interests,” they pointed out and aded that “Automate and Screenshot services are up and running. Live will shortly be up.”

According to information shared by Adithya Chadalawada, a senior sales associate at BrowserStack, with DataBreaches.net, the attacker gained access to the list of user email addresses on BrowserStack on 9 November, 2014 at 23:30 GMT.

“We are still in the process of sanitisation, and making doubly sure this situation never reoccurs. We are on top of it, and will post updates as they happen,” he said, adding that BrowserStack will be back up in a few hours. He also recommended that users change their BrowserStack password “as a precaution.”

The sender of the email is still unknown, but the most compelling theory about the identity of the attacker so far is that a disgruntled employee is to blame. It’s, of course, also possible that an outside attacker has managed to get into the company’s network and is bent on discrediting the service.