Onovative is aware of client concerns around the recent security vulnerability associated with the Solarwinds Orion platform. At this time Onovative has confirmed that Solarwinds products, including Orion, are not leveraged by any of our proprietary platforms. Additionally, we have contacted our third-party partners who interact with client data for the processing of email and print communications to identify any exposure the Solarwinds vulnerability might present to client email addresses and/or customer names and mailing addresses used for delivery of communications through these channels.
Lob our third-party print provider has confirmed that they make no use of any impacted Solarwinds products.
Sendgrid our third-party email provider has indicated that they leveraged an impacted version of the Solarwinds Orion platform, but have taken swift action to mitigate the risk and have performed internal forensics to establish confidence that the risk did not lead to loss of client email addresses or related information sent through their API. An official statement from Sendgrid follows.
"On December 13th Twilio was made aware of a security advisory about Solarwinds Orion. This software is at the center of recent news about state sponsored hacking against the United States Government and other private sector targets. While Twilio does use the Orion product in a limited capacity within our environments, we have found no evidence of system compromise with our installation. At the time we became aware of the issue we were running Orion version 2020.2 which has been identified as an impacted version. In response to this advisory, we immediately disabled the Orion server and started the process of rebuilding it from a new base install. At this time, we expect no impact to our services or customers as a result of these activities."
For additional details on the Sunburst vulnerability introduced to the Solarwinds Orion platform please visit the official Solarwinds statement at https://www.solarwinds.com/securityadvisory