Last week, enterprise software vendor Jive notified customers of a data breach, which may have led to outsiders gaining access to their accounts.
According to the Palo Alto-based company, the incident dates back to August 24, when it learned that user credentials had been “held in a file outside [its] normal encryption procedures.”
In the notification letter submitted to California’s Office of the Attorney General (PDF), the company said it believes the file may have been accessed by an unauthorized third-party.
The data breach involved the email addresses and passwords associated with Jive’s Producteev task management software.
“We cannot confirm that your username or password was compromised, but we are notifying you so that you may take protective action,” the letter read.
The company noted that it has not experienced any unusual login activity as a result of the incident.
However, if an unauthorized party obtained a user’s credentials and logged in, he or she could access the account holder’s name, tasks, and other information, said Jive.
“Upon discovery, the Producteev team took immediate steps to investigate and seek to remedy the issue,” the notice said.
“The team has discovered the cause of the issue and remediated the vulnerability causing it. As detailed below, we are requiring that all users change their passwords,” Jive said.
A company spokesperson told ZDNet that although it appears that a “very small number” of Producteev user account credentials were accessed, it cannot confirm that those were the only accounts compromised.