Rollbar discloses data breach after hackers stole access tokens


Software bug-tracking firm Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens.

The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform.

Once inside Rollbar’s systems, the threat actors searched the company’s data for cloud credentials and Bitcoin wallets.

“When we became aware of this access we disabled the service account and started analyzing what actions had been taken by the unauthorized party,” Rollbar said in a data breach notification letter shared by Have I Been Pwned creator Troy Hunt.

“The party first tried to launch compute resources, and after that failed for lack of permission, they accessed the data warehouse and ran searches that suggested they were interested in Bitcoin wallets or other cloud credentials.”

Rollbar’s follow-up investigation found that the attackers had access to its systems for 3 days between August 9 and August 11, 2023.

While inside Rollbar’s servers, they accessed sensitive customer information, including usernames and e-mail addresses, account names, and project information, such as environment names and service link configuration.

Project access tokens stolen in the breach

More importantly, customers’ project access tokens that allow them to interact with Rollbar projects were also retrieved during the incident.

The company says access tokens allowing access to Rollbar project data (with read and write scope) have been expired, while those allowing data to be sent to an active project will expire in 30 days.

“Although our investigation is ongoing, we hold the security of our customers’ data paramount and are therefore writing to promptly notify you of the discovery and the steps we have taken,” Rollbar said.

“We will also engage a third-party forensic consultant to assist us in verifying these findings, and that work is ongoing.”

Rollbar says its error logging and monitoring services are being used by 400M+ application end users and hundreds of companies worldwide, such as Salesforce, Twilio, Uber, Twitch, and Pizza Hut.

Last year, Rollbar said it helped over 5,000 customers and 23,000 paid users process more than 40 billion errors.


