It is with the utmost regret that I write to say that, over the weekend, we were the victim of a successful attempt by a third party to access our own helpdesk (Sirportly) & steal code from our own code repositories.
The team here have been working non-stop for over 48 hours to investigate the event, and we believe that the attack was able to take place because of a compromised API key on Sirportly that had gone undetected by us. Once the third party had access to our Sirportly account, they were able to obtain a Codebase API key, which allowed them to create a user on our Codebase account and trigger an account export containing our repositories.
We will be in contact with the small number of our customers whose tickets were viewed in our helpdesk.
As a matter of course, we have already begun a comprehensive internal & external review of our key codebases and we will be monitoring for any other suspicious activity.
You may have already noticed a range of new security precautions that have been added to many of our applications and we are continuing to add new safety mechanisms:
- E-mail alerts when new logins happen on your accounts from unknown IP addresses across all our products.
- E-mail alerts to all admins when new users are granted access to your account on Sirportly, Deploy & Codebase.
- Only users that have existed for at least 30 days are permitted to request an account export on Codebase.
- Ability to restrict which networks have access to your Deploy & Sirportly cloud account. Codebase already has this functionality.
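As an added illustration (not code from our products), the sketch below replays a constructed audit trail shaped like the sequence described above, a user created through an API key followed minutes later by an export request, and applies the four precautions in this list. The event fields, user names, timestamps and networks are all assumptions made up for the example.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MIN_ACCOUNT_AGE = timedelta(days=30)  # export rule from the list above

# Constructed sample data (documentation IP ranges, invented users and times).
ALLOWED_NETWORKS = [ip_network("198.51.100.0/24")]
KNOWN_LOGIN_IPS = {"alice": {"198.51.100.7"}}
USER_CREATED = {"alice": datetime(2022, 1, 5)}
EVENTS = [
    {"time": "2024-03-02T01:10:00", "type": "login", "user": "alice", "ip": "198.51.100.7"},
    {"time": "2024-03-02T01:12:00", "type": "user_created", "user": "temp-admin", "ip": "203.0.113.50"},
    {"time": "2024-03-02T01:13:00", "type": "login", "user": "temp-admin", "ip": "203.0.113.50"},
    {"time": "2024-03-02T01:15:00", "type": "export_requested", "user": "temp-admin", "ip": "203.0.113.50"},
    {"time": "2024-03-02T09:00:00", "type": "export_requested", "user": "alice", "ip": "198.51.100.7"},
]

def review(events, created, known_ips, networks):
    """Return (time, user, finding) tuples for events the precautions catch."""
    findings = []
    created = dict(created)  # copy so the caller's data is untouched
    known = {user: set(ips) for user, ips in known_ips.items()}
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        user, ip = ev["user"], ev["ip"]
        # Network restriction: every request must come from a known network.
        if not any(ip_address(ip) in net for net in networks):
            findings.append((ev["time"], user, "request from outside allowed networks"))
        if ev["type"] == "user_created":
            created[user] = when
            findings.append((ev["time"], user, "new user granted access: alert all admins"))
        elif ev["type"] == "login":
            if ip not in known.setdefault(user, set()):
                findings.append((ev["time"], user, "login from unknown IP: alert user"))
            known[user].add(ip)
        elif ev["type"] == "export_requested":
            # A user with no recorded creation time is treated as brand new.
            if when - created.get(user, when) < MIN_ACCOUNT_AGE:
                findings.append((ev["time"], user, "export denied: user younger than 30 days"))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS, USER_CREATED, KNOWN_LOGIN_IPS, ALLOWED_NETWORKS):
        print(*finding, sep="  ")
```

On this sample every finding belongs to the newly created user, while the long-standing user's login and export pass without an alert.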
There are a number of general precautions anyone using any web service can take to help protect themselves from being affected like we have been here:
- Cycle any static API keys on a regular basis and ensure that you're aware of where they are used.
- Ensure the users granted access to your account are current staff and that leavers are removed promptly.
- We recommend using the IP restriction feature available to restrict access to your Codebase, Sirportly & Deploy account to a given set of known networks.
- Ensure two-factor authentication is enabled and enforced across your account.
On a more personal note, I don't really have the words to express the feelings of the team here regarding this incident. We're a small team who love what we do, enjoy working on our products and serving our customers well. I'm sure you can imagine how devastated we feel that this could happen. We will, however, come out of this a stronger & better team, and I'm sure this will become clear in the forthcoming updates that will be deployed over the coming days & months. If anyone would like to speak with me personally, I would be more than happy to speak with you by phone or e-mail.