On August 30th, we were notified of and then resolved a security issue with links included in the emails inviting users to join the platform, that would have potentially enabled users to log in as a different user (360Learning Status Update).
We deployed a fix on Wednesday, September 1st, which did the following:
- Removed the security threat from our invitation emails
- Disabled the links in invitation emails sent prior to the September 1st fix
This issue concerns only email notifications for joining the platform, sent to new users (see Add users to the platform). Other notification emails, such as session invitation emails for existing users, were not impacted.
For users that were invited to the platform before the September 1st fix deployment, platform or group admins need to send them a reminder email. The original email invitations will no longer work.
To generate reminder emails with the corrected links:
- Go to your group settings
- Click the
- In the left sidebar, click
SEND A REMINDER, or click
Resend invitation(icon of a round arrow, on the right of the user’s name)
If you have any questions, please feel free to contact our support team.