An industry-wide, hardware-based security vulnerability was disclosed on 3 January 2018. The vulnerability that was disclosed requires specific exploit code to be run on a CPU. This is a relevant problem for compute-as-a-service providers (i.e. AWS EC2) as by their nature, these services allow customers to run arbitrary code on the provided compute service. This threat scenario is not applicable to Wasabi as we do not offer compute-as-a-service to our customers.
Wasabi operates our own servers (we do not use a third-party compute-as-a-service offering) so we don’t allow arbitrary code to be run on our servers. As such, these flaws do not pose a direct threat to the Wasabi service or the data stored therein. With that said, Wasabi is continuing to evaluate the server vendor patches that are relevant to server components that we do use and we will implement these patches as they become available.
Keeping our customers and their data secure is always our top priority. Wasabi continually tests and monitors our systems for vulnerabilities such as this. We have taken active steps to ensure that no Wasabi customer is exposed to these types of vulnerabilities. At the time of this knowledge base posting, Wasabi has not received any information to indicate that these types of vulnerabilities have been used to attack the Wasabi infrastructure or in any way impact the integrity of customer data stored with the Wasabi service.
Please continue to monitor this knowledge base article for additional information on this topic.