Skip to main content

Hi all. We just received an email from Iterable saying that all passwords were going to be voided tomorrow morning forcing users to create new passwords. Is this email legit?

Hi Joseph Aguilar Thanks for your question! Yes, this is a legitimate email from Iterable, all passwords will be voided tomorrow at 9:00AM PT and you will need to reset yours.

If you have any other specific questions, please feel free to let me know!


Thank you, Sarah. Just wanted to confirm before we sent out a message to employees.


Hi Sarah Lubecki, would it be possible to share additional information regarding the incident? Email was quite vague on what was actually affected. For example did those compromised accounts belong to Iterable team? And if so did they have any access to customer data?


Everinas Kazla

The credentials that were compromised belonged to users, not Iterable team accounts, and were acquired due to credentials theft elsewhere. In this case, several users' login information was found in a set of data aggregated from several different keyloggers and other forms of credentials theft malware.

Although we are not the source of the compromise, we wanted to take a proactive approach to protect all of our users by doing a global password reset.


Reply