Is anyone else seeing other people's courses appearing in their Review site? Every time I return to my review page I see a new course from another author. The course disappears on refresh, but then when I return I see a different one from someone else. This has been happening on and off for the last few hours, just curious if it's just me.

Thanks for getting in touch with us about yesterday’s Review 360 incident. I’d like to provide more context about what happened and what we’re doing about it. Yesterday at 1:47 pm ET, our team published an update to Review 360 that made it possible for a small number of Review 360 users to see content created by users outside their account. Customers alerted us about this issue yesterday at 4:53 pm ET, and our team began investigating immediately. We identified the cause and reverted the update at 7:31 pm ET. Since then, our team has been focused on gathering details to share with any users affected by this issue to make sure we’re communicating with folks as soon as possible. We’re reaching out to customers who were directly affected by this issue. More information is available on our status page: https://www.articulatestatus.com and a full post mortem is available here. We're working on identifying exactly where our engineering and quality processes broke down here so we can make sure it doesn't happen again. We know we hold an important obligation to safeguard your content and maintain your trust, and we are deeply sorry. We’ll work hard to earn your trust with improved processes. If you have any other questions, please reach out to our Support Team directly by emailing Support@articulate.com or opening a Support case.

Since last week’s post-mortem, we’ve dug further into this incident and identified the exact circumstances in which folks could view content that they weren’t authorized to see. We’d like to share this context. Right now, the Review 360 engineering team is working on developing a team folders feature. This functionality will allow members of the same Articulate 360 team to organize content into folders that are shared with their teammates. To build this feature, the team created a process where users’ dashboards receive updates when teammates create new shared content. Last week, the team released a bug where users could receive updates that were not correctly filtered to members of their team. This bug only occurred in a very specific set of circumstances: when a user navigated from viewing Review 360 content back to the dashboard and while the dashboard was still loading. This error was limited to displaying the content in the user’s dashboard and enabling the user to view the content. The user wouldn’t be able to duplicate, download, export, rename, or move content. What’s Next We’re working through our process for investigating serious incidents, and that means we’ve appointed an internal incident investigator from outside the responsible engineering team. This investigator will interview team members, review code and internal processes, and ultimately make recommendations to address the gaps that this incident exposed. We’ll update you further with an overview of the types of changes we’re making to ensure this doesn’t happen again. Please let us know if you have any questions or if we can provide additional context for your team.

Hi Everyone,We've resolved the issue and are working to determine who was impacted. We will update you when we have more information.

This isn't a tiny bug, this is a massive security and intellectual property issue. Especially because the links are static (i.e. once someone knows the URL they can still gain access even after it's removed from the homepage.) So now I have no idea which of my thousands of courses might have a security breach.

Thank you, Traci and Kayla, for reporting this behavior. We are taking this seriously and our investigation is underway. As Matthew mentioned, any and all details that you can share with us via a Case are greatly appreciated. We will keep you updated, both privately and publicly, on the progress of our research.

Other people's courses appearing in Review?

Traci
Community Member
3 years ago
Yeah! I can open them which is terrifying! I've already grabbed a few screenshots at this point.
kaylaburtch-de0
Community Member
3 years ago
That just happened to me too! I left a comment for the person warning them they should delete that version and publish a new one so I (and anyone else) lose access. The course is gone from my feed but the link still works because it's static.

This is such a MAJOR breach of security, I might have to stop using this tool entirely to avoid being sued for a breach of NDA. I'm pretty upset.
- Traci
  Community Member
  3 years ago
  I found one of the course owners on LinkedIn and let her know! So crazy that this is happening!
kaylaburtch-de0
Community Member
3 years ago
This isn't a tiny bug, this is a massive security and intellectual property issue. Especially because the links are static (i.e. once someone knows the URL they can still gain access even after it's removed from the homepage.) So now I have no idea which of my thousands of courses might have a security breach.
Justin
Staff
3 years ago
Thank you, Traci and Kayla, for reporting this behavior. We are taking this seriously and our investigation is underway.

As Matthew mentioned, any and all details that you can share with us via a Case are greatly appreciated. We will keep you updated, both privately and publicly, on the progress of our research.
eLearningTeam-6
Community Member
3 years ago
Agree, that this is totally unacceptable. Can Articulate please advise who has been affected by this issue and an ETA on when it will be resolved? Thanks
eLearningTeam-6
Community Member
3 years ago
Would courses/modules that have been password protected in Review links be viewable by others OR would they have been asked for a password? Please provide an update ASAP. Thanks
eLearningTeam-6
Community Member
3 years ago
I think the best course of action is for Articulate to temporary shut down Review 360 until this matter is resolved. As it is a huge breach of privacy.
JamesWelle
Staff
3 years ago
Hi Everyone,

We've resolved the issue and are working to determine who was impacted. We will update you when we have more information.
JamesWelle
Staff
3 years ago
Password protected content in Review 360 remained protected by the password during this incident.
eLearningTeam-6
Community Member
3 years ago
Thanks for the reply. What has been put in place to ensure that this doesn't happen again?

Forum Discussion

Other people's courses appearing in Review?

Related Content

Accelerate Course Creation with AI Assistant

Closed captions not appearing

Course Reports

Publish Course

Preview Course

AI: Course Settings

Articulate Localization: Create Multi-Language Rise 360 Courses

AI: Course Outline Generation

Publish: Exporting Courses

Settings: Translate Your Course

Recent Discussions

Numeric variables - issues with tied results

Rise - Language and labels editing

Moving Player Controls to the Center

Previous button isn't working correctly

Developing SOP's

Learn

Connect

Discover

Community

Company

Trust Center