Rollbar System Penetration: Customer data and tokens are now in the hands of hackers

What else did cyber bandits manage to do during their access to the company's networks?

Rollbar, a software bug tracking company, recently reported a security breach on its networks. According to the company, unknown people attacked Rollbar systems in early August and gained access to the tokens of client projects.

The breach was identified on September 6 when reviewing data warehouse logs, which showed that the service's account was used to log in to the cloud-based bug monitoring platform.

Attackers scanned the company's database in search of cloud credentials and Bitcoin wallets. "At first, the party tried to launch computing resources, but, without permission, moved to the data warehouse," the company said in a notice.

According to preliminary results of the investigation, the attackers had access to Rollbar systems for three days, from August 9 to 11 of this year. During this time, customer logins and email addresses, account names, and project information, including the configuration of service links, were compromised.

Most worryingly, however, access tokens to client projects were obtained during the incident. According to the company's assurances, the stolen tokens that give read and write access to projects have already expired. At the same time, tokens that allow data to be sent to an active project will expire only after 30 days.

"Although our investigation is still ongoing, we consider the security of our customers' data a priority and therefore immediately notify you of what happened," the company said, adding that it will involve a third-party expert to verify the results of the investigation.

Rollbar's logging and error tracking services are used by more than 400 million app end users and thousands of companies worldwide, including Salesforce, Twilio, Uber, Twitch, and Pizza Hut. Last year, Rollbar helped more than 5,000 customers and 23,000 paid users process over 40 billion errors.
 