If you have never opted in to our monthly newsletter, this will not affect you. If you have opted in to our monthly newsletter, then you should read this.
A third party newsletter software used to manage our monthly newsletter has been the subject of a cyber attack. After our last newsletter, two users reported that they had started to receive unsolicited emails using email addresses only used with Majestic. As a result, we are investigating a probable compromise of the email system and we believe that the third party software has been compromised.
No passwords or card information have been compromised – we believe only email addresses were taken, but we are providing extra security advice in the event that display names were also compromised.
Is there any Danger to Me?
Whilst the damage is fortunately limited to spammers accessing email addresses, we are sorry that the breach has occurred and felt it was appropriate to inform our users of the theft. Fortunately, the danger is small. Most spam emails are easy to recognize. We ALL get them, because email addresses are inherently insecure. In the unlikely event your display name was compromised, you might be more prone to falling for a phishing email, because the spammer might use the display name as a “trust signal” to help you believe an email comes from Majestic SEO or from somewhere else where you may have used the same display name. We recommend that you maintain an email spam filter on your emails. Here are a number of free ones if you are not already protected:
Because of the way in which we believe the database to have been accessed, we are reasonably confident that no display name information was actually taken and no other identifiable information was in the system in any event.
Do I have to Change my Password?
The passwords were not part of the newsletter system. Indeed, this was one of the reasons why we used a third party solution for newsletter management: so that we did not compromise the main accounts. You are of course welcome to change your password at any time, but it has not been compromised. If you would also like to change your display name, it is straightforward to update your details. If you want to change your email address on our system moving forward, please set up a support ticket whilst logged in if you feel this is necessary.
Can I Trust Majestic with my Credit Card details?
We have never directly seen or stored your card details, as we use reputable third party companies, PayPal and Cybersource (which is owned by VISA), to collect these details. We do not keep them even on our most secure systems.
Was the Newsletter System some Freebie Software?
No – it was a commercial, paid-for system. The software was up to date and we had a maintenance contract in place. We hosted the system on separate servers to our main systems, which allowed us to manage the newsletters from offsite, with appropriate password protection. This means that every month, we recorded anyone that had unsubscribed and updated the client database, then exported the email addresses of those opted into our newsletter into a CSV file. This CSV file was then uploaded to the software without any personal information (except the display name and email).
We are not aware of our passwords being given away or exposed and we continue to investigate how the software was in fact accessed. We do not believe it was negligence on our part, but we are extremely sorry that it has happened.
How have you fixed the problem?
We have now made the newsletter administration totally inaccessible from outside Majestic SEO. We will decommission it.
How can I Unsubscribe from Majestic’s newsletter?
You can check your newsletter settings when logged in here. We will wait a short while before sending out the next newsletter – which we are still keen to do, to inform those people that do not read our blog.
We Sincerely Apologise.
We want to say that we are extremely sorry that this breach has occurred. We are treating this unauthorized access with the utmost severity.
Have you reported the theft?
Yes, to the British Information Commissioner’s Office (ICO), where we are registered under the UK Data Protection Act. It is their decision as to what action to take next if any.
Complaints and Comments.
Whilst we are keen to be transparent about the breach, we are also more mindful than ever about further compromise of our security. As such, if you have any specific concerns, please set up a support ticket whilst logged in to your account. Being logged in will confirm your email address to us so we can assess whether you have been affected. If you do feel the need to comment below, please bear in mind that we will be moderating these comments and have an ongoing investigation in progress, so not all comments will be published.