Security statement on ownCloud breach

Originally published at: https://nextcloud.com/blog/security-statement/

We are receiving information requests from customers and users worried about the severe security breaches. These occurred in ownCloud (recently aqcuired by US file sync and share vendor Kiteworks) as reported on by Arstechnica and others.

ownCloud breach does not affect Nextcloud users

We want to make clear that these absolutely do not affect Nextcloud. Nextcloud has a strict security process backed by a USD 10K bug bounty program. We, for example, have a policy to remove test data from libraries that are shipped, to avoid risks like these.

Nextcloud has diverged significantly over the last years from ownCloud, accelerating our development. There are serious risks associated with using legacy, minimally-maintained software and we would want to point out to users and customers that migration to Nextcloud is quick, easy, painless, and helps keep their data private.

See here the ArsTechnica article about ownCloud breach in question.

17 Likes

This one might be good to pin, there have already been a couple posts asking about it

3 Likes

I’d like to point out that a Bug Bounty Program, if well maintained, can be super helpful if you want to keep software secure… Here’s the stats of our HackerOne bug bounty program. See HackerOne

4 Likes

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.