southliner.blogg.se - Workflowy security

WORKFLOWY SECURITY PASSWORD
WORKFLOWY SECURITY DOWNLOAD

Because of that previous activity, we were able to quickly identify and act on this attack. In the following days, we observed user login activity similar to what triggered the flurry of e-mails reported to us on March 12. We were not initially aware that any user accounts were at risk of compromise. We take our relationship with our users seriously, so we acted promptly based on what was known at the time and communicated what we believed was occurring. We posted to Twitter to alert users about this. After an initial investigation, we determined that the activity began on March 10 and appeared to be the work of a spammer. On March 12, we received a flurry of user reports of receiving multiple automated e-mail messages from us regarding their accounts.

WORKFLOWY SECURITY PASSWORD

Additionally, because of the nature of the attack, the only accounts impacted are those that a) use passwords for login, and b) use the same password for Workflowy as for other services.

Based on our investigation, the attacker targeted a limited number of Workflowy accounts during the attack, and the vast majority of Workflowy users were not impacted. We also believe that our actions mitigated and ultimately stopped this attack, as further discussed below. We have no way of knowing where the attacker got the credential information used in this attack, but we have identified no evidence that it originated with Workflowy. You can read more about credential stuffing here. While we do not have visibility to the specific tools used by the attacker, evidence from the attack appears consistent with “credential stuffing,” which is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. Workflowy’s back-end systems and infrastructure were not compromised in this attack.

This malicious activity initially appeared to be the work of a spammer, but upon further investigation we identified that the real target was gaining access to individual accounts. For people who re-use passwords, we simply do not know exactly which accounts were compromised.Īs we posted about on our Twitter account, individual Workflowy accounts were recently targeted by an unknown attacker. If you use a strong password and don’t re-use it, your account 100% has not been compromised.

The only way your account was compromised was if your Workflowy password is re-used on other sites. Important: Most people who received an email from us did not have their accounts compromised! We emailed every single user who logged in during the period of the attack and told them as much. Having this exporter actually makes me feel more comfortable with continuing to use WorkFlowy as I experiment with Logseq.Update : Note, if this is the first you’re hearing about this attack, then you weren’t impacted. But I see potential new workflows that Logseq could unlock, and I'm experiencing some FOMO around that. Side note: I frickin' love WorkFlowy, and I'm not building this because I'm unhappy with it in general.

WORKFLOWY SECURITY DOWNLOAD

download exported data as files in browser.

split children of root node into separate md files.

probably more things I haven't thought of.

do something with completed items (add "DONE" to beginning of block?).

figure out what to do with the "note" property (Shift+Enter in WorkFlowy).

change links to other nodes to ((blockRefs)).

De-duping mirrored nodes and adding a reference to the source node ( mirrorRoot property) which can eventually be turned into.

Iterating through the current tree in WorkFlowy and copying data into a tree data structure.

Not sure when I'll get around to continuing work on it, but you're welcome to fork this repo and pick up where I left off! The goal of this project is to build a "high-fidelity" WorkFlowy-to-Logseq exporter/importer that preserves things that the built-in WorkFlowy exporter misses, like mirrors, links to other nodes, and so on.Īs of this commit, there's much work to do still.