Security Notice: Data Leak Affecting a Limited Number of Accounts

Security Notice: Data Leak Affecting a Limited Number of Accounts

by Gael Fraiteur on 07 Sep 2025

We regret to inform you of a data leak that occurred on the PostSharp Customer Portal between Wednesday, September 3rd, and Tuesday, September 9th.

Who is affected?

A total of 38 customer accounts were impacted. If your account was affected, you will:

  1. Receive a personal notification email within the next 24 hours.
  2. Notice that you can no longer sign in to the portal using your license keys.

What data was leaked?

Only the content of the https://www.postsharp.net/account page of the portal was exposed, including:

  • Company name and billing address (or customer name and address for natural persons)
  • All subscription dates, number of users, licensed products, and support level
  • All license keys for PostSharp and Metalama

What was not leaked?

  • Contact lists or email addresses
  • Prices, invoices, or quotes
  • Support tickets
  • Source code (never uploaded to our servers)

Who accessed the data?

At most, one other PostSharp customer may have received your data in error.

How did this happen?

A caching error occurred in the daily job that sends subscription renewal notifications, causing account data to be sent to the wrong recipient. The first customer of the batch received all emails.

Timeline of events

  • Wed 9/3, 11:00 AM – First incorrect email sent.
  • Mon 9/8, 8:00 PM – Data leak reported by the receiving customer.
  • Tue 9/9, 2:00 PM – Report read and incident confirmed.
  • Tue 9/9, 4:30 PM – Credentials invalidated and issue remediated.

How we fixed it?

  • All past magic URLs were invalidated by rotating the salt for each affected account.
  • License keys exposed in the leak were disabled for authentication to the portal.
  • The caching bug was fixed.

Do you need to take action?

  • No action is required. Your license keys will continue to work normally with PostSharp and Metalama products.
  • If you prefer, we can issue new license keys on request, to ensure that any leaked key cannot be used by another party.

How to log in now?

If your license keys no longer work for portal login:

  • Use email authentication (one-time PIN or magic link) for one of your account contacts.
  • If you do not know your contact, please write to [email protected] from your work email.

We take full responsibility for this incident and sincerely apologize for the error. We are committed to ensuring it does not happen again.

This article was first published on a https://blog.postsharp.net under the title Security Notice: Data Leak Affecting a Limited Number of Accounts.
  • Twitter
  • LinkedIn
  • RSS
  • Slack