Originally published at: https://nextcloud.com/blog/security-statement/
We are receiving information requests from customers and users worried about the severe security breaches. These occurred in ownCloud (recently aqcuired by US file sync and share vendor Kiteworks) as reported on by Arstechnica and others.
ownCloud breach does not affect Nextcloud users
We want to make clear that these absolutely do not affect Nextcloud. Nextcloud has a strict security process backed by a USD 10K bug bounty program. We, for example, have a policy to remove test data from libraries that are shipped, to avoid risks like these.
Nextcloud has diverged significantly over the last years from ownCloud, accelerating our development. There are serious risks associated with using legacy, minimally-maintained software and we would want to point out to users and customers that migration to Nextcloud is quick, easy, painless, and helps keep their data private.
See here the ArsTechnica article about ownCloud breach in question.