@tom-sherman
Created October 4, 2023 17:33
The following is text converted from an email received from Aiven support using OCR software:
Hello:
Aiven recently experienced an internal security issue which has been remediated.
However, we require some additional action from affected customers.
What went wrong
When enabling multi-factor authentication in the Aiven console, there is a modal
pop-up on screen asking for the user to supply their password. After entering the
password, if the user pressed the "Enter" key instead of clicking on the "Next"
button, the value of the password field was sent as a GET parameter alongside
other referral information. This was caused by an error in the code that handles
form submission causing incorrect behaviour when the enter key was pressed
instead of the submit button.
This error led to a situation where some user-supplied passwords were sent in
plain text to our monitoring and analytics tools. A small number of affected user
accounts were identified, and this account was included in that list.
How we fixed the issue
We've implemented a fix in the console code and will invalidate the leaked
passwords making them unusable. We apologize for any inconvenience this
incident and subsequent remediation have caused.
What you need to do
To maintain account security, we're asking that all affected users set new
passwords for their accounts before 2023-10-10. After this time we will do a
password reset on accounts that have not updated their password to ensure that
the leaked information can not be abused in the rare event they would be exposed
to third parties from our monitoring and analytics tools.
Please reset the password for the affected account as soon as possible. If you are
reacting to this message after 2023-10-10 or find that you are unable to log in to
Aiven console, use the "Forgot password" functionality to reset your password.
Regards,
Aiven support
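The failure mode the email describes is the HTML "implicit submission" rule: pressing Enter in a text field submits the enclosing form, and a form with no method attribute defaults to GET, which serialises every field into the query string. If the application only wires its logic to the button's click handler and never handles the form's submit event, Enter falls through to that native GET and the password lands in the URL, where page-view beacons and Referer headers pick it up. The block below is an added example written for this gist, not Aiven's console code: a DOM-free model of that rule, the buggy and fixed wiring side by side, and a redactor that strips credential-looking parameters before a URL is recorded by analytics. The form action, field names, sample password and parameter list are all constructed for the example.

```javascript
// Added example, not Aiven's code: a DOM-free model of the HTML implicit-submission
// rule behind the leak, buggy wiring, fixed wiring, and a query-string redactor.
// Action URL, field names, the sample password and the parameter list are constructed.

class FakeForm {
  // Browsers default a <form> to method=GET, which serialises every field into the URL.
  constructor({ method = 'get', action = '/console/mfa' } = {}) {
    this.method = method.toLowerCase();
    this.action = action;
    this.fields = {};
    this.submitListeners = [];
    this.nextButton = null;       // { type, onclick }
    this.navigatedTo = null;      // URL the "browser" would load on a native submit
  }
  addEventListener(type, fn) { if (type === 'submit') this.submitListeners.push(fn); }
  // Default action of a submit: GET puts the fields in the query string (and so in
  // Referer headers and analytics page-view beacons); POST keeps them in the body.
  nativeSubmit() {
    const qs = new URLSearchParams(this.fields).toString();
    this.navigatedTo = this.method === 'get' ? `${this.action}?${qs}` : this.action;
    return this.navigatedTo;
  }
  // Implicit submission: Enter in a text field dispatches 'submit' on the form; unless a
  // listener calls preventDefault(), the native submit runs.
  pressEnter() {
    const ev = { defaultPrevented: false, preventDefault() { this.defaultPrevented = true; } };
    for (const fn of this.submitListeners) fn(ev);
    return ev.defaultPrevented ? null : this.nativeSubmit();
  }
  // A type="button" control only runs its onclick; a type="submit" control submits the form.
  clickNext() {
    if (this.nextButton.type === 'button') { this.nextButton.onclick(); return null; }
    return this.pressEnter();
  }
}

// Buggy wiring: the password is sent by the button's click handler only. Nothing handles
// the form's 'submit' event, so Enter falls through to the browser's GET submit.
function wireBuggy(form, sendPassword) {
  form.nextButton = { type: 'button', onclick: () => sendPassword(form.fields.password) };
}

// Fixed wiring: handle 'submit' (covers both Enter and the button), call preventDefault(),
// and set method=post so that even if the script fails the browser never puts fields in a URL.
function wireFixed(form, sendPassword) {
  form.method = 'post';
  form.nextButton = { type: 'submit' };
  form.addEventListener('submit', ev => { ev.preventDefault(); sendPassword(form.fields.password); });
}

// Drive one wiring through both user actions and report where the password went.
function scenario(wire) {
  const form = new FakeForm();
  const sent = [];                        // passwords that reached the application handler
  wire(form, pw => sent.push(pw));
  form.fields = { password: 'hunter2', step: 'mfa-enroll' };   // constructed sample input
  return { enterUrl: form.pressEnter(), clickUrl: form.clickNext(), sentViaHandler: sent };
}

// Defence in depth on the analytics side: strip credential-looking query parameters
// before a URL is recorded. The parameter-name list is a constructed starting point.
const SENSITIVE_PARAMS = /^(password|passwd|pwd|token|secret|otp|code)$/i;
function redactUrl(url) {
  const u = new URL(url, 'https://console.invalid');   // base only so relative URLs parse
  for (const key of [...u.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.test(key)) u.searchParams.set(key, 'REDACTED');
  }
  return u.pathname + u.search;
}

// Stand-alone run.
console.log(scenario(wireBuggy).enterUrl);   // → '/console/mfa?password=hunter2&step=mfa-enroll'
console.log(scenario(wireFixed).enterUrl);   // → null
console.log(redactUrl('/console/mfa?password=hunter2&step=mfa-enroll'));
```

With the buggy wiring, clicking Next works as intended and nothing looks wrong in testing; only the Enter path produces a navigation to a URL carrying the password. The fix has two independent layers on purpose: the submit handler stops the navigation when the script runs, and method=post stops field values reaching the URL when it does not. The redactor is the check to run on whatever forwards URLs to monitoring and analytics tools, since that is where the leaked values ended up in the incident described above.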