WARNING | iLok security seems to have been breached

I just noticed this back on the old DUC:

 

my crane song phoenix was stolen from me by ilok - Avid Pro Audio Community

 

Avoid syncing your iLok key until this issue has been resolved.

ilok is the WORST...what good is being able to take a license anywhere in the world...if most of your other plugins DON'T use ilok?

(plus i hated using a usb port on the road for it). ugh...

how they managed to top the last ilok issue of the last few months is impressive, but this is just all wrong.

There is now an official reply from PACE:

 

It looks like there is some speculation and misinformation being posted here so we'd like to clear up what is going on.

 

First, the entire iLok ecosystem was unaffected by the Heartbleed vulnerability. This includes the iLok.com website, the iLok License Manager application, and our license activation services. Our site and services are running smoothly without any problems.

 

Second, we did send emails to a small number of iLok users regarding license deposits that were made to their accounts by mistake. These users were not randomly chosen, we actually audited every single license to carefully identify only those that were mistakenly deposited.

 

If you didn't receive an email from us, there were no mistaken deposits identified in your account. But since there seems to be so much speculation and concern by those who were not affected, we're happy to share more information here.

 

The license deposits that we sent emails about were deposits created by our server, NOT deposits made to an iLok account by a software publisher. These deposits were made when our server saw an iLok but failed to recognize the licenses on that iLok as the very same licenses that already were listed in the iLok account. This created a duplicate of the license, and in some cases, created a full license when what was actually seen on the iLok was an expired license.

 

This means that the licenses that are being removed are duplicate licenses that should never have been deposited.

 

So what does this mean for you?

 

If you didn't get an email from us, that means nothing was changed in your iLok account.

 

If you did get an email from us, your email lists the licenses that were mistakenly deposited. If the license is currently activated on an iLok, we told you which iLok the license is on, and how to return it. Only the licenses listed are set to be returned.

 

Several of the posters here had purchased this type of license from another iLok user. Unfortunately we can only direct them back to the party that they purchased the duplicate license from.

 

We’d like to take this opportunity to publicly apologize to the iLok users who received the mistaken deposits for any inconvenience this may have caused.

 

Again, if you didn't receive an email from us, your account was not changed in any way.

 

We hope this helps clear up the questions and worries being posted here. Our support team has been answering the questions of the affected users that have written in to us, and will continue to do so

There is now an official reply from PACE:

 

It looks like there is some speculation and misinformation being posted here so we'd like to clear up what is going on.

 

First, the entire iLok ecosystem was unaffected by the Heartbleed vulnerability. This includes the iLok.com website, the iLok License Manager application, and our license activation services. Our site and services are running smoothly without any problems.

 

Second, we did send emails to a small number of iLok users regarding license deposits that were made to their accounts by mistake. These users were not randomly chosen, we actually audited every single license to carefully identify only those that were mistakenly deposited.

 

If you didn't receive an email from us, there were no mistaken deposits identified in your account. But since there seems to be so much speculation and concern by those who were not affected, we're happy to share more information here.

 

The license deposits that we sent emails about were deposits created by our server, NOT deposits made to an iLok account by a software publisher. These deposits were made when our server saw an iLok but failed to recognize the licenses on that iLok as the very same licenses that already were listed in the iLok account. This created a duplicate of the license, and in some cases, created a full license when what was actually seen on the iLok was an expired license.

 

This means that the licenses that are being removed are duplicate licenses that should never have been deposited.

 

So what does this mean for you?

 

If you didn't get an email from us, that means nothing was changed in your iLok account.

 

If you did get an email from us, your email lists the licenses that were mistakenly deposited. If the license is currently activated on an iLok, we told you which iLok the license is on, and how to return it. Only the licenses listed are set to be returned.

 

Several of the posters here had purchased this type of license from another iLok user. Unfortunately we can only direct them back to the party that they purchased the duplicate license from.

 

We’d like to take this opportunity to publicly apologize to the iLok users who received the mistaken deposits for any inconvenience this may have caused.

 

Again, if you didn't receive an email from us, your account was not changed in any way.

 

We hope this helps clear up the questions and worries being posted here. Our support team has been answering the questions of the affected users that have written in to us, and will continue to do so

 

which is what i read to let me know that they have zero idea of how to treat their customers: customers who may have already showed loyalty after last year's debacle.

And once again I can pat myself on the back for having long ago made it a policy in my studio to never purchase anything that involves iLok or anything else related to PACE. As a result I've had to pass over a few interesting pieces of software here and there, but fortunately there are still more than enough smart companies out there to give me plenty of places to confidently spend more cash than I really should.

And once again I can pat myself on the back for having long ago made it a policy in my studio to never purchase anything that involves iLok or anything else related to PACE. As a result I've had to pass over a few interesting pieces of software here and there, but fortunately there are still more than enough smart companies out there to give me plenty of places to confidently spend more cash than I really should.

 

 

agreed...

Almost every professional composer I know here in Los Angles has at least one iLok, most two, for software we run and somehow we manage to get our work done. Go figure.

Almost every professional composer I know here in Los Angles has at least one iLok, most two, for software we run and somehow we manage to get our work done. Go figure.

 

Almost every professional composer I know here in Los Angles has at least one iLok, most two, for software we run and somehow we manage to get our work done. Go figure.

 

if it's part of the deal of a needed plugin, can't imagine an argument. i had 3 plugins i needed it for, now...none. i do NOT miss it!

bottom line is...it's not a dealbreaker, just annoying...

I disagree. With iLok I can go to anyone's studio to work, download the software and plug it in and have all my favorite stuff.

I love iLok.

I simply won't touch PACE stuff ever since I had a perfectly good MacBook Pro rendered so unstable as to become almost useless as a direct result of the installation of their drivers. Ever since then I won't permit their stuff on any computer that I own, and every time iLok problems like the ones reported in this thread come up, I remain grateful to have adopted that policy. If iLok works for you and helps you, that's fine ... I just don't want to deal with all of the associated system and licensing problems, and fortunately for me, I don't have to.