Security Update to Finetuner 0.6.1

Between 2022.09.23 and 2022.09.25, the Finetuner database was hacked and metadata from Finetuner runs was compromised. Training data and models were not compromised.


Finetuner makes fine-tuning easier, faster and more performant by streamlining the workflow and handling all complexity and infrastructure in the cloud. With Finetuner, one can easily uplift pre-trained models to be more performant and production-ready.

GitHub - jina-ai/finetuner: Task-oriented finetuning for better embeddings on neural search


User privacy and security are essential for maintaining trust, and we want to remain as transparent as possible about events like these. Jina AI itself was not compromised and experienced no data breach from this event.

Read the rest of this note for more complete information.

What happened?

On 2022.09.25, we received a bug report from a user that Finetuner login had failed. While inspecting the error logs, we discovered that an anonymous user had logged in to the Finetuner database and deleted all tables.

Who was impacted?

Finetuner is a machine learning training platform, and its internal databases do not store personal information. Only a user identifier string is stored. We have recently refactored our datastore and are now using an entirely different system from the one that was compromised.

We have database backups up to 2022.09.23. If you started a Finetuner job between 2022.09.23 and 2022.09.25 inclusive, we are sorry to inform you that we cannot recover your data. For jobs from before 2022.09.23, we will recover your data from backups at your request.

What information was involved?

  • The leaked data contains no personal information other than a user identifier. All personal user information is stored in other information systems that have not been compromised.
  • Compromised data includes metadata for Finetuner jobs, such as status, run_name, experiment_name, device, finetuner_version, creation_time, and finish_time.
  • Compromised data includes machine learning hyper-parameters for Finetuner jobs, such as learning_rate, batch_size, loss_function, model, etc.

Compromised data does not include:

  • Personal or company data about users.
  • Training data used in Finetuner.
  • Models used or produced in Finetuner runs.

What should I do?

  • If you want to recover a Finetuner run that was created before 2022.09.23, please reach out to team-finetuner@jina.ai and we will restore your data from backups.
  • If you have lost a Finetuner run created between 2022.09.23 and 2022.09.25, we suggest you rerun the job. Please update Finetuner to version 0.6.1.
  • Please let Jina AI know if you have any further issues in relation to this event. We are available to answer questions via team-finetuner@jina.ai.

The security of your data is important to us, and we apologize for any problems caused by this breach.