AU10TIX Statement at a Glance
We don’t treat security as a once-and-done checkbox, but rather as a living, constantly evolving discipline. That’s why, when a past credential exposure came to light, we approached it the same way we approach everything: with rigor, transparency, and independent validation.
“At AU10TIX, risk is part of our business. We investigate, validate, and evolve continuously to make sure customer data stays protected and trust remains uncompromised.”
– Yair Tal, CEO, AU10TIX
Following our proactive investigation and an external forensic review, we can confirm:
• No evidence of data exposure
• No access to production systems
• No customer impact
• No AU10TIX information found on dark-web or threat-intelligence platforms
The incident was contained and resolved, and we further strengthened controls.
Transparency Summary
| Event Date | Jun-24 |
|---|---|
| What Happened | Legacy credentials from a personal-device compromise appeared in a public post |
| System Scope | Inactive credentials tied to a decommissioned log-management tool, isolated from production |
| Outcome | No evidence of data exposure, access, or misuse |
| Validation | Full independent forensic analysis confirmed findings |
| Actions Taken | Revoked access, audited systems, strengthened controls, expanded monitoring |
What Happened
In June 2024, AU10TIX discovered that a single set of previously compromised inactive employee credentials had surfaced in a public Telegram post. The credentials related to a legacy log-management system that was already being phased out and had no connection to AU10TIX production systems. Although internal systems confirmed the credentials could not be used to access customer data or production environments, we engaged an independent cybersecurity firm to validate findings end-to-end.
What We Confirmed
The independent review concluded:
• No evidence of data exposure
• No access to production environments
• No customer or partner impact
• No AU10TIX data found on dark-web or threat-intelligence platforms
Actions Taken
Even in a zero-impact scenario, we acted decisively:
• Verified and revoked the inactive credentials
• Completed an internal audit and cross-team access validation
• Engaged external forensics to validate our posture
• Enhanced endpoint, SaaS, and identity controls
• Further strengthened continuous threat detection & monitoring
Current Status
The investigation is closed. Our security posture remains strong and continues to advance. No customer action is required.
| Timeline of Events | |
|---|---|
| June 2024 | Credentials observed; confirmed inactive; isolation verified |
| June–July 2024 | Independent forensic review completed |
| Q3 2024 | Credential & access hardening, enhanced endpoint controls |
| July 2025 | Transparency statement published |
Guidance for Customers
No action is required. We always encourage standard best practices, including periodic credential rotation and RBAC reviews within your own environments, measures we apply rigorously within AU10TIX.
How AU10TIX Protects Data
Defense-in-Depth
• Zero-trust architecture
• MFA and identity-lifecycle governance
• Cloud security posture management
• Endpoint threat detection & response
• Continuous monitoring and alerting
Independent Validation
AU10TIX maintains globally recognized security certifications:
• ISO 27001 & ISO 27701
• SOC 2
• Compliance with GDPR, CCPA, and international data-protection frameworks
Commitment to Transparency
We continuously monitor threats, evolve defenses, and maintain open communication with customers and relevant authorities. Any material updates will be published here.
Last updated: 2025-07-28 15:00 UTC
For questions: [email protected]
AU10TIX maintains industry-leading security standards across identity verification and fraud prevention. Independent validation, continuous monitoring, and rigorous access controls ensure customer trust remains uncompromised.
Frequently Asked Questions
Was customer data accessed or exposed?
There is no evidence of exposure or misuse.
Did this event affect production systems?
No. The credentials did not provide production access and were already inactive.
Why notify the public if there was no impact?
Because trust thrives on clarity and accountability, not silence.
Do customers need to rotate API keys?
No customer action is required.
Was this connected to AU10TIX production systems?
No, the credentials did not provide access.
Why were the credentials inactive?
They belonged to a legacy system already being retired.
Has AU10TIX strengthened controls since?
Yes, we expanded endpoint security, credential governance, and continuous monitoring.
Will AU10TIX provide updates?
Yes. Any material changes will be reflected here and timestamped.





