User Accounts of Salesforce Subsidiary Heroku Appear to Have Been Leaked a Month Ago

User Accounts of Salesforce Subsidiary Heroku Appear to Have Been Leaked a Month Ago
0 0
Read Time:1 Minute, 5 Second

Heroku has had the passwords of all of its user accounts changed. The move comes about a month after the company’s OAuth tokens were stolen.

 

Cloud platform Heroku has asked its users to change their passwords before the company resets them itself. API tokens will also expire, so apps running on the platform may no longer work until a new token is created. According to Heroku itself, it is a response from the PaaS vendor to a “security incident” in which some of the user accounts were compromised.

However, that incident happened almost a month ago. In April, OAuth tokens from Heroku and another company, Travis CI, were stolen, GitHub said in a security report. Those authentication tokens allowed attackers to download data from GitHub from various organizations.

GitHub reported that to its own customers as well as Heroku in mid-April. Still, the latter apparently failed to understand or clearly communicate the magnitude of the leak for several weeks. In addition, the cloud provider says in its own investigation that attackers could also reach Heroku’s own GitHub repositories (code databases) and possibly get their hands on source code from the platform.

The incident also allegedly stolen (hashed) user passwords. Therefore, passwords for all accounts are now being recovered at the request of Salesforce, which owns Heroku.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Kremlin Denies Storming Mariupol Steel Factory Previous post Kremlin Denies Storming Mariupol Steel Factory
Facebook Blocked Thousands of Pages to Exert Political Pressure Next post Facebook Blocked Thousands of Pages to Exert Political Pressure

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Leave a Reply