Security information and how to keep your account secure

On May 6 info-beamer observed fraudulent logins into six accounts. Two of those were in active use and had at least one active device. A video file was uploaded and assigned to devices in one of those accounts.

A thorough investigation does not indicate any security problem at itself. Instead the account information consisting of email address and password was very likely stolen from compromised customer machines. We have communicated with other companies in the signage business and they confirm similar incidents. One way this can happen is if a user accidentally installed malware (a “password stealer”) on their machine or is using a browser extension that unbeknownst to them gathers account information. Such information is then often shared in underground forums where it can be traded.

As a precaution all accounts with access to more than a few devices got added the “Email confirmation” authentication method to their account. When logging in, this will send an email with a code that needs to be entered during the login flow. This prevents login with just email and password as a successful login now also requires access to the email account itself.

If you’re one of those users that now has to use this login flow, consider upgrading to a more secure method: On your account page, use the ‘2FA’ (two factor authentication) section to add at least one of the supported methods: The strongest one is hardware devices like a YubiKey. Alternatively use TOTP, which requires you to install an app that regenerates a 6-digit code every 30 seconds that you’ll need to enter during login. Finally there are backup codes that each allow you to login a limited number of times in case you lost access to other methods. The recommendation is to add at least two of those methods, so you’re not immediately locked out of your account if you use one of them, and finally delete the “Email confirmation” method again.


Is my account safe?

If you properly manage the security of the machine you use to log in to info-beamer: Yes. If you’re unknowingly installed malware, your password to info-beamer and other services might be available to purchase by bad actors. You can make this a lot harder by using any of the two factor authentication methods which info-beamer provides: Use the ‘2FA’ (two factor authentication) section on your account page for that.

We’ve now rolled out additional security measures that compare a login attempt with earlier logins and enforce two factor authentication in this case. If no explicit second factor is configured, the “Email confirmation” method is used in this case.

I can’t access my email account

Get in contact with support. Having access to the account you’ve signed up with is a requirement for using the service. You should work on fixing this. If you need to change your account email, also get in contact.

I don’t want the email confirmation

You need to log in at least once. Then use “ Disable email confirmation on suspicious login attempt” option on your account page. This is NOT recommended and might be ignored in some cases. Instead use the two factor authentication feature offered by info-beamer by clicking on the Set up two-factor authentication… button. If you have at least one of them added, it will be used instead of the email confirmation.

What can I do to improve the security of my account?

In addition to using two factor authentication you can also use the permission system. If you share access to your account you can apply restrictions on what invited users can do in your account. The permission system is pretty flexible so you can for example restrict asset uploads to office hours or restrict access to a trusted IP range.

Is info-beamer itself safe?

Yes. There is no indication that anything was compromised on’s servers.


If you have any additional questions or need help securing your account, don’t hesitate to get in contact.

1 Like