Last week, due to some temporary debug code that was promptly removed, we discovered that some splunk.com users’ passwords inadvertently appeared in our internal web server logs. No one’s password was accessible from the internet or the splunk.com web site, and we took immediate steps to purge the confidential information from our internal system logs. Our internal IT team that monitors the Splunk.com site logs are the only employees who would have temporarily been able to see these passwords. Note that this only applies to passwords to our web site, splunk.com, used for things like creating customer support tickets, and did not involve anyone’s deployment of Splunk software or the data stored in customers’ instances of Splunk.
As a best practice, we proactively reset all potentially affected users’ passwords; cleared all of these users’ active sessions on splunk.com; purged the information from all internal log files; and then notified all affected users, sending them a new temporary password. If you received this email, we recommend that you change this temporary password as soon as possible using the instructions below:
1. Point your browser to http://www.splunk.com
2. Click on the “Login” link in the top right corner of the page
3. Enter your splunk.com username and password that was emailed to you, then click “Login”
4. Once you are logged in, click on “My Account” in the top right corner of the page
5. Under “Email Address:” in the left hand column, click “Edit Login and Email Subscriptions”
6. In the “Password” section, enter the password that was emailed to you under “Old Password:”, choose a new password, and enter it under both “New Password:” and “Confirm New Password:”
7. Click “Save Changes”
If you have any problems changing your password, please use the lost password tool here.
We also recommend that if you have used your old splunk.com password on other systems or websites, you should change those passwords and retire your old splunk.com password.
Anyone who has a question or concern about this incident is encouraged to contact Splunk Support