
Rollbar Had a Data Breach

17 points, by jguimont, over 1 year ago

On September 6, 2023 at 8:28AM PDT, we identified an irregularity in our data warehouse query logs. We immediately performed an initial forensic analysis, determining what had occurred and conducting an initial assessment of the impact.

Our preliminary analysis established that a cloud platform service account which only had access to our data warehouse was used by an unauthorized party. When we became aware of this access we disabled the service account and began analyzing what actions had been taken by the unauthorized party. The party first tried to launch compute resources, and after that failed for lack of permission, they accessed the data warehouse and ran searches that suggested they were interested in Bitcoin wallets or other cloud credentials. Our investigation indicates this access occurred from August 9, 2023 to August 11, 2023. We will also engage a third-party forensic consultant to assist us in verifying these findings, and that work is ongoing.

Our analysis of the incident continues, but we are contacting you now because our initial forensic analysis indicates the unauthorized party accessed data about your account, including:

- Usernames and user email addresses
- Account name
- Project and environment names
- Project access tokens
- Project service link configuration

We are taking the following actions:

Project access tokens with 'read' or 'write' scope: these tokens could allow access to your Rollbar project data (occurrences, items, etc). These tokens have been expired. You can refresh each token using the Rollbar UI, API, or Terraform provider.

Project access tokens with 'post_server_item' scope: these tokens could allow access to send data into your project (but not read data). These tokens will be expired in 30 days.

Although our investigation is ongoing, we hold the security of our customers' data paramount and are therefore writing to promptly notify you of the discovery and the steps we have taken.

Please feel free to contact us using the information below if you have any additional questions or if there is further information we can provide.

Sincerely, Brian Rue, Co-founder and CEO

2 comments

twistedpair, over 1 year ago

Should API access keys be stored in plain text such that they can easily be recovered from backups or clones to data warehouses?

Best practice would be to store such keys in an encrypted state, to prevent such breaches from non-production datasource access, or _even_ direct production database access.
jtokoph, over 1 year ago

Why aren't they taking an action to not copy access tokens to their data warehouse? They could also start hashing them with an additional application salt that wouldn't be available in the database if someone only had db access.
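One way to implement what jtokoph suggests, a keyed hash with an application-side secret that is never written to the database, shown beside the plaintext storage the thread criticises. This is an added example, not code from the thread or from Rollbar; the pepper value, the dict-backed token store and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

# Hypothetical application-side secret ("pepper"). In a real deployment it lives
# in the app's secret manager or config, never in the database, so a warehouse
# clone of the tokens table does not contain it. Constructed value for the demo.
APP_PEPPER = b"constructed-demo-pepper-not-a-real-secret"


def token_fingerprint(token: str, pepper: bytes = APP_PEPPER) -> str:
    """HMAC-SHA256 of the token keyed with the pepper; only this value is stored."""
    return hmac.new(pepper, token.encode("utf-8"), hashlib.sha256).hexdigest()


# --- The pattern the thread criticises: the raw token is the stored value. ---
def issue_token_plaintext(store: dict, project: str, scope: str) -> str:
    token = secrets.token_urlsafe(32)
    store[token] = {"project": project, "scope": scope}
    return token


def authenticate_plaintext(store: dict, presented: str):
    return store.get(presented)


# --- The suggested fix: store the keyed hash, hand the plaintext out once. ---
def issue_token_hashed(store: dict, project: str, scope: str) -> str:
    token = secrets.token_urlsafe(32)
    store[token_fingerprint(token)] = {"project": project, "scope": scope}
    return token  # shown to the user exactly once; not recoverable from the store


def authenticate_hashed(store: dict, presented: str):
    # Recompute the fingerprint with the pepper and look it up; an exact-match
    # lookup on an HMAC output leaks nothing about the token itself.
    return store.get(token_fingerprint(presented))


def leaked_rows_authenticate(store: dict, authenticate) -> bool:
    """Models an attacker who has only a copy of the table (as in a warehouse
    clone): can any stored value be replayed as a working token? True for the
    plaintext scheme, False for the peppered-hash scheme."""
    return any(authenticate(store, stored) is not None for stored in list(store))
```

Expiring the copied tokens, as Rollbar did, is still required for tokens issued under the plaintext scheme; the keyed hash only limits the blast radius of future copies.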