According to Foresight News , Ahmad Shadid, founder and CEO of io.net, tweeted that the io.net metadata API suffered a security incident. Attackers exploited the accessible mapping of user ID to device ID, resulting in unauthorized metadata updates. This vulnerability did not affect GPU access, but it did affect the metadata displayed to users by the front end. io.net does not collect any PII and does not leak sensitive user or device data.
Shadid said that the io.net system design allows for self-healing, constantly updating each device to help recover any metadata that was changed in error. In light of this incident, io.net has accelerated the deployment of OKTA's user-level authentication integration, which will be completed within the next 6 hours. In addition, io.net has also launched Auth0 Token for user verification to prevent unauthorized metadata changes. During the database recovery, users will temporarily be unable to log in. All uptime records are unaffected, and this will not affect the vendor's computing rewards.
