Recently, we became aware of an incident where an individual (bad actor) was able to access our third-party Customer Relationship Management (CRM) software. This access was promptly disabled.
Before being disabled, the bad actor gained access to our CRM software for a short period of time. The bad actor accessed a small number of customer support tickets and accounts inside our CRM system. The bad actor attempted to download bulk member data from the CRM system, however, logs demonstrate that the access to the requested bulk data ultimately was prevented.
It is important to note:
No user credentials were accessed. User credentials are not stored nor accessible from the CRM software.
No payment information was accessed. No payment information is stored nor accessible from the CRM software.
Our internal technical review is a top priority and ongoing, but we wanted to share what we know at this time. We also are working on enhancing account security measures.
In addition, we want to take this opportunity to remind you that you should always use a strong password that is unique for each website or service you use. For example, you absolutely should not have the same password for iRacing and any third-party services that you may use in connection with iRacing (such as custom car painting platforms).
We take account security extremely seriously and we very much appreciate your participation in the iRacing community.