Important Notice on Your Data and How We Protect It

Recently we were notified by an external security firm of a published document that exposed a Microsoft Azure data storage flow which may have exposed some data and files.


On December 13th 2020 we were notified of a potential security flaw that may have exposed some of your files and data to hackers.  That evening we immediately purged older and unused files, while submitting a ticket to Azure for further clarification.  On the 15th we updated the settings within Azure to ensure data would not be visible per the method found. 

Since then we were focused on ensuring your current and new files were properly secured, when on December 22nd we upgraded our storage system with new private and secure storage that is non-indexed and only accessible through authenticated users in the platform.  Going forward, all files associated with a CRM record will go into our secured storage and all files that are marked with permissions when uploading will also go into secured storage.  

To show that we take these alerts seriously, we resolved the issue prior to bein notified by Microsoft Azure on December 23rd at 2:25 pm of this potential file access.  By this time we had already patched and then fully resolved the issue.  You can review Microsoft's letter below.

What it's not!

There is no detail on exactly which files, if any may have been breached, but we can ensure you that no files contained any passwords, credit card information or other pertinent items such as access keys.  It is not our database, backups nor source files for our platform.  In many cases, you may have had no private files stored in these directories.  It was not access to all our files/directories, only a few that are leveraged for the media you upload, responses to forms and downloaded reports.

How we're keeping you safe(r):

We have employed several solutions and techniques that will prevent this from occuring again in the future.  This includes:

  • Storing all private and customer sensitive files in our secure storage
  • Ensure secure storage is only accesible via authenticaed means
  • No one can browse or list all items in a folder or directories
  • Setup a log that keeps track of each person who exports data
  • Automatically purge exported data daily

When someone tries to access a resource that they don't have access to, they will get an error message as such:

<Error>
<Code>PublicAccessNotPermitted</Code>
<Message>Public access is not permitted on this storage account. RequestId:005cc70b-d01e-006f-549a-df7217000000 Time:2020-12-31T17:31:59.4175116Z</Message>
</Error>


Letter From Microsoft Azure

Your data might be at risk. Review public access permissions of your Azure Storage accounts now

You're receiving this notice because you use Azure Storage.

Recently, some of the data stored in publicly accessible cloud storage, including Azure Storage accounts, was indexed and published online to potentially malicious websites. Malicious actors can search these indexes to locate and access sensitive data inappropriately stored in the indexed storage containers.

While it is legitimate for some Azure Storage account containers to be publicly accessible (to host websites for example), it is also not uncommon that some containers with sensitive data can be publicly accessible due to a misconfiguration, putting sensitive data at risk and exposing it to breaches.

Why am I receiving this email?

As part of our efforts to help Azure customers better protect their data and resources, we have reviewed the above indexes and are now notifying relevant customers to help them take any required measures (see recommended actions below).

For details on the indexed Azure Storage account containers we found in your storage account, see the Account Information section of this notice.

Recommended actions

  • To monitor unusual and potentially harmful activities to access or exploit data in your storage accounts, you can enable Azure Defender for Storage (free for 30-days).

If you have any questions, please contact us.

Please note that this email communication is sent per storage account, so you may receive additional similar emails if some of your other storage accounts were also indexed recently.

Additional Help Tutorials

Find more ways to grow on PeopleVine.

Configure Salto to Work with Peoplevine Check-In

Follow these steps to configure your Salto to auto Check-In members when they use a Salto keycard.

Posted January 12, 2024

Detailed Member Statements & Billing

Unveiling Peoplevine's Member Statements & Billing feature: a comprehensive tool ensuring utmost transparency, simplicity, and efficiency in every financial transaction for both members and operators.

Posted September 28, 2023

New and Improved Timeline View

Dive into Peoplevine's My Schedule Timeline View: a feature designed to bring unmatched convenience and clarity to members' and guests' schedules, centralizing everything from dining to events.

Posted September 28, 2023

Spa & Wellness Booking with Book4Time Integration

Experience the perfect synergy of Peoplevine and Book4Time: a collaboration that transforms spa and wellness bookings, merging front-end engagement with backend efficiency.

Posted September 28, 2023

Going Global

Discover how PeopleVine's "Global Network" solution is set to revolutionize the hospitality industry by unifying brand experiences across multiple properties, whether globally or within a local region, offering members a seamless digital experience and granting operators unparalleled insights.

Posted September 28, 2023

Override the Guest Pass E-mail with Template

You can replace the e-mail sent to a guest when a guest pass is issued while retaining the necessary links to ensure they can activate it.

Posted September 27, 2023

Transaction Reporting has an Upgrade

We updated the Transaction Reporting screen to provide you with the data necessary to provide a glimpse at your revenue and the necessary data to audit your financials.

Posted September 7, 2023

You Can Set the Time to Process Authorizations

When a charge is processed through your POS, the charge may be Authorized until we capture the tip or at the end of day to handle refunds or changes. In this case, you can now set the time as to when we will process your authorizations.

Posted August 28, 2023

Adding Your Alliants Integration

Follow these steps to connect Peoplevine with your Alliants account for messaging.

Posted August 28, 2023

Setup Your Membership Tiers Based on Age

You can enable your membership tier to be for members between certain ages, when they past that age, they will automatically migrate to the next age tier.

Posted August 22, 2023

Follow these steps to update your Twilio settings to ensure delivery

This article will overview how to setup your brand and campaigns for broader/better delivery.

Posted August 10, 2023

Select Which Transaction Types You Want to Sync with Quickbooks

You're able to select which types of transaction items you want to sync to Quickbooks.

Posted June 14, 2023

Configure your Member Portal to Show Spa and Wellness

Once your Spa and Wellness feature is enabled, you need to configure the following to display on your member portal.

Posted June 14, 2023

Setup a Temporary ID for Hotel Guests

You can allow hotel guests to act as a member during their time at your property by leveraging these settings.

Posted May 23, 2023

© Peoplevine 2024. Powered by PeopleVine. Terms of use | Privacy & cookies