Security builletin: ASEC-24-002 (#464)

Create ASEC-24-002-Security-incident-on-Arduino-infrastructure.md

Author: seaxwi

content/About Arduino/Arduino Security Bulletins/ASEC-24-002-Security-incident-on-Arduino-infrastructure.md

@@ -0,0 +1,20 @@
+---
+title: "ASEC-24-002 - Security incident on Arduino infrastructure"
+---
+
+Bulletin ID: ASEC-24-002  
+Date: Dec 12, 2024  
+Product / Component: Arduino web infrastructure
+
+## Summary
+
+We have recently been made aware that a hacker published a set of information related to our infrastructure on a dark web forum. Our Security Team has investigated the claim and our incident response process has been immediately implemented.
+
+To our knowledge, a leaked API access key has briefly been used to download PDF files representing certificates of completion of Arduino courses, which is not harmful information to our users. The leak was immediately remediated.
+
+This exposure is related to a security incident that happened some months ago, to which we promptly reacted by taking adequate countermeasures. At the moment we have no evidence that the incident can result in harm to the security of our Arduino Web and Cloud services.
+We remain committed to provide the highest security standards and thank you, our community, for your trust and support.
+
+## Contact
+
+If you encounter any issues or have questions regarding this security update, please contact our security team at [email protected].