Yesterday we had a minor security breach in which one of the API keys we use for sending test emails became public. No customer data was exposed, and we patched the issue quickly.
On Friday, July 23rd, one of the API keys we use for sending test emails was accidentally published to a public GitHub repository.
Shortly after it was published, we received a notification from GitGuardian, a service designed to catch this kind of mistake.
We removed the key in question from the repository and added a gitignore rule to prevent it from being accidentally added back.
Unfortunately, it appears someone had already acquired the key, and they subsequently used it to send some fake "Password Changed" emails through our server.
About 100 of these "Password Changed" emails were sent from our domain to seemingly random email addresses; fortunately, the message did not contain any malicious content or links.
No customer data was exposed.
In addition to removing and banning the key from the GitHub repository, we revoked the API key and replaced it with another, plugging the hole.