We recently introduced a new feature to improve customer password security. We included a new strength meter and we also began checking newly entered and reset passwords internally against publicly-known lists of common, weak or previously exposed passwords.
Unfortunately, we identified an error that stored these passwords visibly in our internal logging system. While access to this data was only accessible to a restricted group of FreeAgent engineers, we took immediate action to rectify the problem.
We have identified all the customers who could potentially have been affected and have emailed them to let them know. If you’re a FreeAgent customer and you haven’t received an email about this issue, there’s nothing that you need to do.
We are very sorry this happened and we remain committed to reviewing and improving our processes to ensure that similar incidents do not occur in future.
Richard Grey is Head of Information Security at FreeAgent. He is a Certified Information Systems Security Professional with over 15 years' experience managing personal data across various software solution providers.