QuickBooks Desktop Security Notice
Intuit has identified, and is implementing an update to address a security vulnerability in QuickBooks desktop software. This has no impact on QuickBooks Online.
For supported versions of QuickBooks desktop, Intuit has begun the process of proactively notifying customers of the steps required to install an update, which is designed to address the security vulnerability. The update includes password controls to verify that the person attempting to access an account is authorized. Intuit expects all customers to install the necessary security updates.
As per industry best practices, non-supported versions of QuickBooks desktop do not receive updates (QuickBooks desktop 2012 and earlier are unsupported). Customers using non-supported products are encouraged to upgrade to QuickBooks desktop 2016, the most current version. Customers who continue to use older, unsupported versions of QuickBooks desktop, could be putting their data at risk.
Customers using QuickBooks desktop in multi-user mode will need to ensure that all users are on a supported version of QuickBooks desktop and have installed the security update in order to address the security vulnerability.
Intuit also wants to remind customers of precautions that they should always take to protect their accounts and data. These include:
- All customers should set up a password for their QuickBooks desktop file, if they don’t already have one.
- Customers should choose a strong user name and password. Use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.
- Customers should protect all personal information. Never give out a user name or password and make sure to use different passwords for each account.
- We recommend that all customers upgrade to most resent version, QuickBooks desktop 2016.
- We recommend that customers use secure methods, such as the Accountant’s Copy File Transfer (ACFT) service, when sharing QuickBooks files.
- To protect yourself from phishing and other social engineering attacks, don’t open suspicious emails or email attachments.
At Intuit, we are committed to giving you the tools to protect your QuickBooks data. Thank you for taking action to apply the security fixes to your company file.
For more information, an in-product and KB article is posted here.