(Resolved) Summary of email invitation security issue

  • Updated

Issue Summary

On August 30th, we were notified of and then resolved a security issue with links included in the emails inviting users to join the platform, that would have potentially enabled users to log in as a different user (360Learning Status Update).

Issue Resolution

We deployed a fix on Wednesday, September 1st, which did the following:

  • Removed the security threat from our invitation emails
  • Disabled the links in invitation emails sent prior to the September 1st fix

This issue concerns only email notifications for joining the platform, sent to new users (see Add users to the platform). Other notification emails, such as session invitation emails for existing users, were not impacted.

Additional Action

For users that were invited to the platform before the September 1st fix deployment, platform or group admins need to send them a reminder email. The original email invitations will no longer work.

To generate reminder emails with the corrected links:

  1. Go to your group settings
  2. Click the USERS tab
  3. In the left sidebar, click Invitations > Sent
  4. Click SEND A REMINDER, or click Resend invitation (icon of a round arrow, on the right of the user’s name)

If you have any questions, please feel free to contact our support team.

Check out our blog for more L&D resources.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request