On January 27, 2015, a security vulnerability known as GHOST (CVE-2015-0235) was disclosed, impacting many Linux systems. The vulnerability could potentially be exploited to steal sensitive data such as encryption keys and user passwords. We have no evidence that any DNAnexus customer data or credentials were compromised using this vulnerability, and an in-depth analysis of the vulnerability attack vectors indicates that such a compromise was unlikely.
At DNAnexus, the security of our clients is our top priority. As soon as the vulnerability was disclosed, we started identifying services on our platform that were affected. All such services were patched to eliminate the vulnerability within 5 hours after it was initially disclosed. After this initial response, we started a thorough analysis of how our systems and the security of our clients could have been affected. The analysis found no indications of exploit, and we were able to exclude large portions of our systems from the hypothetical risk of attack. However, due to the scope of the vulnerability, we are continuing the analysis and will update here if any additional information is found.
We welcome customer feedback – if you have any questions or comments about our security practices, please reach us at firstname.lastname@example.org.