Malware and ransomware protection

Is it possible for a virus to encrypt or delete our Asana data if we upload a malware or ransomeware without knowing it is one (e.g. the malware was inside a the file of a CV for a job application)

The only way that someone could do something to your Asana are:

  • you installed an app, went through the Asana connect process
  • you generated a Personal Access Token with someone
  • you shared your password
  • your Service account credentials leaked

@lpb @Phil_Seeman did I miss anything?

Welcome, @Charles-Henri_Roy1,

I’d be surprised if what you did caused a true vulnerability, but I’d defer to someone in Asana security/trust to provide the last word.

@Bastien_Siebman, the bullet points in your post are all vulnerabilities, I agree, but I can’t say that’s a complete list.



Thank you for your answers @Bastien_Siebman @lpb.

Our concern came from the fact that we receive CV in PDF format on our website and that they are automatically added to Asana (using the import email) which means we have little control over what is uploaded to our Asana on that part. From what I’ve understood, even if a PDF was to contain a virus, it couldn’t be activated in Asana and couldn’t do any damage, it would have to be opened by a PDF reader on our computer and then it could do some damages on our computer only.

Have I understood it well or did I miss something?

Thanks again guys.

1 Like

Yes, that’s basically my sense.

Yes, but, also, if you were to do this, depending on the malware, it could use your computer or content there to propagate, potentially eventually affecting other computers.

I agree with basically everything @Bastien_Siebman and @lpb have said above.

The only thing I’d add, to take things one step further though this seems really unlikely, is if you did open the doc on your computer and it had malware that got activated, if you had Asana open in a browser window at that time, I suppose the malware could access and alter that Asana info…