This morning, it appears as if there’s been a compromise of our CDN. The team is on it. We’re correcting the problem. We’ll come back with a complete report as soon as we’re finished.
Update at 12:21 pm Eastern – We noticed early this morning via Twitter that a large number of folks using Chrome were being warned of malware when visiting sites with Clearspring Launchpad widgets. To summarize the event, our portion of the Content Delivery Network (CDN), the service we use to efficiently host all Clearspring widget internals, was compromised with files that redirected users to a certain malware domain (which we won’t link here). We quickly fixed the issue and are now back to normal operation as far as the CDN is concerned. Because of Google’s aggressive malware prevention policy, users may continue to see warnings until Google completes its re-review process. We’re doing everything we can to help this move as quickly as possible, and according to Google’s documentation it should be within a day at maximum.
We have taken short-term steps to lock down the CDN completely while we determine the true technical root cause of the initial malicious files.
We take the integrity of our infrastructure extremely seriously, and will post a detailed followup as the investigation completes. We sincerely apologize for any inconvenience caused to you and your visitors, and you have our assurance that part of the investigation also includes reviewing our early-detection mechanism for this type of failure specifically.
Note that this issue had no affect on the AddThis sharing platform, only on widgets served via the earlier-generation Clearspring Launchpad platform.
You all have a great Sunday!