On Wednesday, 02/07/2024, from approximately 2:00 p.m. to Wednesday, 02/14/2024 at 7:00 p.m. (UTC), an alert message displayed when the email template editor loaded in users’ KnowBe4 console or PhishER platform.
This incident was caused when our HTML editor provider released a new version of their editor. Older versions of the editor were no longer considered secure, and as a result, the provider displayed an alert message in the editor of the KnowBe4 console and PhishER platform. Once we updated the KnowBe4 console and PhishER platform to use the latest version, the editor was considered secure and the alert message no longer displayed.
To prevent this type of issue in the future, we plan to monitor the third-party editor provider’s release notes to prepare for new version releases.
No data was lost as a result of this incident. The level of vulnerabilities for the third-party editor provider was low to moderate. We released a fix in a week, and this timeframe is in the expected remediation timeline for our SLA. For more information about our policy on vulnerability timeframes, visit Security | KnowBe4.