Is there a data leak in FC?

This only came to our notice when a new employee had just joined and, the very next day, she got a WhatsApp message on her number and her emergency contact number from a person disguised as our director. The message was like every other scam message, which creates urgency with authority, and would have eventually asked her to make a payment to a UPI, against the promise of reimbursement from the company.

This has been happening with all our employees; they’ve all been getting emails, and unfortunately one got scammed out of 50k by a man disguised as me.

Today, I got this email which mentions that my password was being reset. I didn’t ask for it.

What makes me think it’s the FC is that employees have been getting emails and WhatsApp messages on all fields under employee master which have email and phone number format, regardless of whose number or email it is. To add to this, they have gotten hold of the employee DP from the doctype and are using that for their WhatsApp DP.

How can we secure our FC? Is this happening with others too?

Hi @asoral:

I’d suggest contacting the FC support team.

Although there is no unbreakable system, this kind of data leak could come about in many ways. Email leaks are very common; if you analyze emails from any business account, you could get email addresses and even phone numbers from many people, who usually show them in their corporate email footer. AI makes it really easy to extract sensitive data from mail inboxes.

Password interceptions are very common too on public unsecured networks …

Your document follow notification just means that someone used the password reset link on login; it could be done by anyone who visits your site. But it doesn’t necessarily mean that your password was changed.

Anyway, you will never be completely protected. Update apps regularly; detected security issues are being solved by new releases. Increase the password strength policy and update passwords each month …

Hope this helps.