On May 29, a post was published on Pastebin [What is Pastebin?] in which an anonymous author claimed to have phished an email account of Joseph Opacki, our VP of Threat Research, and announced unidentified PhishLabs data for sale. As of May 31 at 5 PM Eastern Time (US), we have found no evidence that any systems have been compromised.
As a leading provider of security services, we are often targeted by cybercriminals. Our experts are working around-the-clock to ensure the safety of our clients and we are conducting a full investigation.
Our email is hosted in a cloud environment which is separate from our core IT and service delivery systems. Also, we have implemented additional precautionary measures to further protect client data. PhishLabs does not have access to client networks.
We will provide updates as the investigation continues.
----------- June 2, 2017 Update -----------
As of today, the investigation into this event has ruled out the possibility that Joseph Opacki's email was phished or that his credentials were otherwise compromised. Also, we have found no evidence that any PhishLabs systems have been compromised at this point in the investigation.
As a precautionary measure, we have asked clients to reset their PhishLabs passwords. This password reset is a proactive measure that is a standard procedure in our incident response process.