Here is a brief overview of what happened and what we're doing to stop it:
- We discovered that someone is using our anonymous public storage as a free cloud file server, completely unrelated to MindMup. They were simulating what our software does to gain access to upload new files to our storage.
- No existing user files on our storage are affected in any way - anything you had stored with us was not compromised. They were only uploading new files.
- No existing user files stored on Google, Dropbox or GitHub were affected in any way, nor did anyone gain access to your storage there (in order to prevent abuse, only your browser can access your storage with MindMup; our server does not ever get any authorisation).

We built anonymous storage as a quick and convenient way for users to create mind maps, and it really saddens me to discover that someone is abusing it, but I guess this is the reality of the internet. We can't afford to support this kind of open abuse, but we still want to keep the site frictionless, so at the moment we want to keep anonymous storage open. Without asking people to log on and create accounts, there is only so much we can do to prevent unwanted uploads, but we are going to tighten up the server side to at least try to fight off these freeloaders.
In the first instance, we're reconfiguring the back end to try to accept only legitimate requests. Theoretically, no valid use case should be affected by the changes, but as with all tighter security rules, things might get falsely flagged and blocked, so please let us know if you experience any problems using the web site in the next few days.
If you experience anything strange with the web site, such as loading problems or map access issues, this might be related to tighter security rules. You can contact us by sending an e-mail to firstname.lastname@example.org or leaving a comment on this blog.