On September 20 an industry user reported an exploit during registration in Symphony.  This was done in a controlled environment. Upon this report, this gap was immediately patched.   You can determine if you were affected simply by verifying that every user in your account is known to you.  Please be aware, that you have and will continue to receive email notifications when someone registers for your organization. If someone has registered that is unknown to you, please report the user’s email directly to client.support@apexlogic.com

We have taken additional measures to ensure your data is safe and will advise you directly if we see a suspicious account registration on behalf of your organization. 

To verify that your account is safe, please follow the instructions below. 

-- As an admin user, please login into your Symphony account. 
-- Verify all users are known. 
-- Delete any users that do not need access or who are no longer with your organization. 

Please be aware, that every user must access Symphony with their personal corporate email account. 
Distribution emails should not be used. 

You may not share accounts. 

Please pay attention when you receive an email that a user has registered in your company account. Do not activate anyone you can not verify. Please note this does not affect government users.

Symphony will no longer auto activate users, regardless of SAM POC status. If you are a SAM POC  and are the first person registering for your organization, you will need to be activated by opening a ticket with the Symphony help desk. Additional verification will be required. You will then be responsible for activation of all future users. 

We are here to support you and will continue to work diligently to ensure your data is safe.