Security Updates on the Ning PlatformNing News Technology
On April 12th, we received confidential details of a security vulnerability that could allow someone to sign in as an arbitrary Ning user. The intent was not malicious, and to our knowledge and reasonable belief, there has been no unauthorized access to user accounts. The Ning engineering team immediately took several steps: We changed the encryption information to generate a sign-in cookie, and we changed where the information was stored. In addition, we proactively strengthened the encryption algorithm. The changes were then immediately rolled out across the Ning platform starting late last week. Ning Creators and their members may have noticed the protective measures when we forced all users to sign-in again. At this time, we are confident that we have addressed the vulnerability.
We would like to thank the team that identified the vulnerability and collaborated with us to fix it. We take privacy and security very seriously at Ning. We would again like to emphasize that due to the confidential way we were approached, no user accounts have been maliciously compromised.