In short: the warning was a false positive, no user data was compromised, and to our knowledge no end users were impacted.
Last Wednesday (18th of July 2018), for 9 hours (8am to 6pm PST), users visiting www.gitbook.com may have seen this scary warning:
Our team received a few emails about a warning displayed when trying to access GitBook from Chrome (and other browsers). We immediately started to investigate and found the origin of the issue less than 30 minutes later… It took another 8h or so for Google to jump in and process our review.
Unfortunately, all platforms hosting user-generated content are at risk of abuse by spammers. We’re no exception.
We do have automated anti-spam measures in place, but they didn’t catch these specific projects.
No. Even if you saw this message, you are not at risk unless you visited one of the few suspicious v1 books with unsafe links.
For a user to be affected by the malicious links, they would have had to:
Visit an unsafe project on legacy.gitbook.com (GitBook v1)
Click one of the malicious links in the project’s content
Which redirects them to a 3rd-party website
Where the attacker’s website would try to trick them into downloading some malicious software.
Our data indicates that a majority of those links were for “software cracks” and other “warez”. Such content violates our terms of service.
As soon as we were alerted to the issue, we reached out to Google via our Google Search Console and requested a security review.
In the meantime, we carried out bulk reviews of v1 content to find the projects Google detected as “unsafe” and stopped showing all user-generated links on the main GitBook v1 domain (legacy.gitbook.com).
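One way to implement the "stop showing user-generated links" mitigation described above, as an added example that is not GitBook's own code: it unwraps every `<a>` element in a rendered fragment, keeping the visible text and recording the dropped URL for moderator review. The names `LinkStripper` and `strip_user_links` and the sample fragment are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

class LinkStripper(HTMLParser):
    """Re-emit an HTML fragment with every <a> unwrapped: text kept, href dropped."""

    def __init__(self):
        # Keep character references as written so the rest of the markup round-trips.
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the rewritten fragment
        self.removed = []  # hrefs that were dropped, kept for moderator review

    def _tag(self, tag, attrs, end=">"):
        # Attribute values arrive unescaped from the parser; escape them again.
        parts = [tag] + [k if v is None else f'{k}="{escape(v, quote=True)}"'
                         for k, v in attrs]
        return "<" + " ".join(parts) + end

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lower-cases tag and attribute names
            href = dict(attrs).get("href")
            if href:
                self.removed.append(href)
            return
        self.out.append(self._tag(tag, attrs))

    def handle_startendtag(self, tag, attrs):
        if tag == "a":
            self.handle_starttag(tag, attrs)  # record the href, emit nothing
        else:
            self.out.append(self._tag(tag, attrs, end="/>"))

    def handle_endtag(self, tag):
        if tag != "a":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def strip_user_links(fragment):
    """Return (rewritten_html, dropped_hrefs) for one user-submitted fragment."""
    parser = LinkStripper()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample of user-generated content (not taken from any real project).
SAMPLE = ('<p>Get the <a href="http://cracks.example/dl?id=1&amp;x=2">full version</a> '
          'here.<br/><img src="cover.png" alt="A &amp; B"> &copy; 2018</p>')
```

HTML comments and doctype declarations are not re-emitted by this sketch, which is acceptable for rendered content fragments.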
As of now (and since Wednesday evening), all users should be able to access GitBook without seeing any in-browser warnings.
On v1 (also known as legacy GitBook), you should not see warnings on most pages. However, Chrome & Firefox should (correctly) show warnings on some of those unsafe pages (see Google’s report: Legacy.GitBook.com’s safe browsing status).
Batch reviews of v1 content, to block malicious users and their content
Improving our automated anti-spam systems, to better detect suspicious content/users whilst minimizing impact on real users (on v2)
Making it easier for users to report suspicious users / content (on v2)
We take the security of our users and their data very seriously. We’ll continue to share transparent postmortems on all major security incidents to help you understand what happened, why it happened and how it affects you.
If you have any questions on this specific topic or others, please reach us at firstname.lastname@example.org