What Happened
On January 7, 2026, we identified unauthorized email messages sent from one of our internal system email addresses. These messages were sent without our authorization and contained content unrelated to Praan.
Our investigation confirmed that an external actor misused email sending credentials associated with a legacy internal application. The activity was limited to outbound email transmission only. No evidence was found of compromise to user accounts, databases, or any other systems.
What Was Affected
- Outbound email delivery only - The unauthorized activity was limited to sending emails
- No customer data, accounts, or systems were accessed
- No user passwords or personal information were compromised
- No production infrastructure was affected
- Unauthorized emails were sent to a limited number of external recipients
What We Did
- Immediately disabled and rotated the affected credentials
- Secured all related systems and applications
- Reported the incident to the appropriate authorities
- Notified recipients to disregard the unauthorized messages
- Implemented additional security monitoring and controls
- Enhanced our credential management practices
Current Status
- The issue has been fully contained
- No further unauthorized activity has been detected
- Additional security monitoring and controls have been implemented
- All affected credentials have been rotated and secured
- Ongoing monitoring is in place to detect and prevent similar incidents
Our Commitment
We take security seriously and continuously review and improve our systems. We regret any inconvenience caused and appreciate your understanding.
If you received an unauthorized email from us, please disregard it. We have taken steps to prevent this from happening again.
For questions or concerns about this incident, please contact us at softwareplatforms@praan.io.