MSP Tools Used by Bad Actors

Good question. For clarification, these are Syncro accounts being created - there is no compromise or hacking of legit accounts. What statistics are you looking for?

They have to request to join the Facebook group and we manually approve them - so no.

fair enough, what happens when a trial expires, or a paying client leaves Syncro. Are they removed from the facebook group?..and removed from this forum?

Good news is, you can’t have more than 1 Syncro agent on it and Syncro doesn’t have SOS built in, so it would be hard to affect existing customers. I’m taking this notice as a general info about how RMM platforms can be used by bad actors and not a security statement saying the platform is in crisis.

Yes, like I mentioned we have measures in place for these new trials, both proactive and reactive. We have security researchers who are also constantly looking for exploits and security issues, and we do regular penetration tests, so there are plenty of good guys doing this as well and if they find anything we resolve it.

1 Like

It is intentional that the Announcements section in particular is publicly available, yes. We often post information if there’s an incident/outage here, and if the site is down SSO to the forums won’t work - so you wouldn’t be able to read the announcement.

How many fake accounts have been found and close. If you found any info on where the users were country wise perhaps. What can I say, I’m a data geek. I love seeing statics. :laughing:

Well this sucks.

They specifically talk about Syncro being used more than once in attacks.

Any legit tool can be used for nefarious purposes. The purpose of this post was to say that they are increasing security measures due to the increase in activity.

I’m aware of both of those things. It doesn’t change my post. It does suck lol.

Just an update: We’ve posted an official post on our blog about this Syncro's Official Response to Recent MuddyWater News

Let me know if you have any questions,



Awesome. I was hoping that Syncro would comment and official responses to things like this are important IMO.

Hello @ian.alexander

All threads/topics are publicly accessible. Not only the Announcements section.

If the site/Syncro is down, send an sms.
This is what Azure does.
This is what my electricity company does.
This is what my ISP does.
For a MSP, a RMM is as important as the above three. Subscribe here for email notifications

As Jimmie mentioned, if you want to track status updates you can simply subscribe to our status site.

This is one of the many reasons why I was pushing for disabling publish viewing of edit post:) just incase someone added information they didnt want to share by mistake. Glad it was fix though.

Thanks for the suggestion. I’ve done that now.
Though it is email notification only.
The utilities that consider themselves to be essential have SMS notifications.
I have raised a feature request.
SMS notification option for status page - Feature Requests - Syncro Support Community (

Put in your carrier’s email to SMS address for the subscription.

@jimmie, I don’t think any mobile carriers in Australia have those features.
We would need to sign up to a paid service. Which of course is an option…

However SyncroMSP already has SMS notifications baked into the platform.
Notification Center Overview - Knowledge Base / Admin and Settings - Syncro Support Community (

Therefore to me it doesn’t seem a stretch to request/expect/hope for SMS notifications from the status page.