Security Incident Update: What Happened and Who Was Affected

At GHLPlugins, we recently identified and contained a security incident involving unauthorized access to one of our cloud storage buckets hosted on Amazon S3. We are sharing a clear and transparent breakdown of what occurred and who was affected.

What Happened

A private computer belonging to one of our developers was compromised. An access key stored locally on that device was used to gain access to a single cloud storage bucket. The incident was fully isolated to that bucket, and only the files stored there were accessed.

What Was Not Accessed

Our investigation confirmed that none of the following were touched or compromised in any way:

• No GHLPlugins passwords
• No email accounts
• No billing information
• No GHL accounts
• No customer databases

Your core data and systems remain fully secure.

Who Was Affected

To make things completely clear:

• If you received an email from us about this incident, you were part of the affected group.
• If you did not receive an email, you were not affected.
• Those typically impacted were customers who had uploaded files through our task management system, as those files were stored in the affected bucket.

What We Did Immediately

The moment we detected the issue, we took swift action to secure the environment and prevent any further impact:

• Revoked and rotated all affected access keys
• Secured and isolated the compromised device
• Conducted a complete audit of our cloud permission structure
• Implemented stronger monitoring and additional security controls
• Enforced stricter key management policies and device-level protections

We continue to monitor closely as an added layer of precaution.