DEVONthink and the ABBYY data leak

According to TechCrunch, ABBYY, the maker of the OCR technology we use in DEVONthink Pro Office, accidentally exposed more than 200,000 OCRed customer documents.

This leak, however, does not affect you as our customer. All documents are processed locally on your Mac by the ABBYY OCR engine. Your documents only leave your computer when you manually export or send them, or when you synchronize them to a remote location.

Even then, our sync stores are fully AES 256-bit encrypted when you set up the synchronization with an encryption key. If you haven’t done so (you can check in the sync settings) and you sync your databases through a service outside your control, like iCloud, Dropbox, or a WebDAV service, you might want to remove your sync store and create a new one with an appropriately strong encryption key.

2 Responses to “DEVONthink and the ABBYY data leak”

  1. Bernhard says:

    Thanks, Eric, for your note.

  2. Tim W says:

    God only knows what sensitive information was in those 200k documents. ABBYY’s cloud OCR service has multiple affordable price tiers, but I speculate that the only entities to consider the benefits of using it over a local OCR solution are rather large businesses.
    I use a password manager, always max out the password length and complexity of whatever service I’m using, have two-factor authentication enabled for any service that supports it, and of course, have a very strong encryption key for my DEVONthink sync stores.
    However, my caution regarding my data only really prevents an otherwise lucky, low-level cyber thief from chancing upon me as a victim, while the more realistic threat is, still, that the sensitive information outside my control will be leaked by a company that is simultaneously a bigger target and less cautious than myself.
    I’m constantly reminded that all my efforts are ultimately in vain, because there are dozens of entities that already have my information, aren’t particularly concerned (i.e. it’s not how they make a profit) with keeping my information secure, and are sequentially leaking my precious personal information out to the dark web! Every time I set a new password I ask myself, “Why do I even care? Equifax already gave my complete personal, professional, and financial details and history to every cybercriminal out there!”
    It’s especially frustrating for me because I’m of a younger generation, hence any wealth I accumulate can be assumed to not take place for another few decades. The dark web can just sit on my SSN, DOB, job and address history, financial and credit history, until I’m 50 and more likely to be a lucrative target. So I have to remain diligent for literally the rest of my life to protect myself from a threat that was created by a company (Equifax) of which I’m not a customer, but a product.