Software program bug-tracking firm Rollbar disclosed a data breach after unknown attackers hacked its techniques in early August and gained entry to buyer entry tokens.
The security breach was found by Rollbar on September 6 when reviewing information warehouse logs displaying {that a} service account was used to log into the cloud-based bug monitoring platform.
As soon as inside Rollbar’s techniques, the menace actors searched the corporate’s information for cloud credentials and Bitcoin wallets.
“After we grew to become conscious of this entry we disabled the service account and commenced analyzing what actions had been taken by the unauthorized social gathering,” Rollbar stated in a data breach notification letter shared by Have I Been Pwned creator Troy Hunt.
“The social gathering first tried to launch compute assets, and after that failed for lack of permission, they accessed the info warehouse and ran searches that recommended they have been desirous about Bitcoin wallets or different cloud credentials.”
Rollbar’s follow-up investigation discovered that the attackers had entry to its techniques for 3 days between August 9 and August 11, 2023.
Whereas inside Rollbar’s servers, they accessed delicate buyer info, together with usernames and electronic mail addresses, account names, and mission info, akin to atmosphere names and repair hyperlink configuration.
Challenge entry tokens stolen within the breach
Extra importantly, prospects’ mission entry tokens that allow them to work together with Rollbar tasks have been additionally retrieved in the course of the incident.
The corporate says entry tokens permitting entry to Rollbar mission information (with learn and write scope) have been expired, whereas these permitting to ship information to an lively mission will expire in 30 days.
“Though our investigation is ongoing, we maintain the security of our prospects information paramount and are due to this fact writing to promptly notify you of the invention and the steps we’ve got taken,” Rollbar stated.
“We may also have interaction a third-party forensic guide to help us in verifying these findings, and that work is ongoing.”
Rollbar says its error logging and monitoring companies are being utilized by 400M+ software finish customers and 1000’s of corporations worldwide, akin to Salesforce, Twilio, Uber, Twitch, and Pizza Hut.
Final 12 months, Rollbar stated it helped over 5,000 prospects and 23,000 paid customers course of greater than 40 billion errors.
