Security Breach Through Exposed Admin Token

This week, Sourcegraph, the AI-driven coding platform, disclosed a security breach involving unauthorized access to its website. On August 28th, an attacker exploited an admin access token mistakenly made public on July 14th. Using the exposed token, the attacker created a new admin account and accessed Sourcegraph.com’s administrative dashboard two days following the intrusion.

Discovery of the Security Breach

The alarm was raised the same day, when Sourcegraph’s security team noticed an unusual uptick in API activity, characterized as “anomalous and unnatural.” It didn’t take long for them to trace this activity back to the recently created rogue admin account.

Sourcegraph’s Response on Security Breach

Diego Comas, Sourcegraph’s Head of Security, provided insights into the incident. He confirmed that the exposed admin token had originally slipped through the cracks in a code commit dated July 14th. “The attacker leveraged this token to masquerade as a user and gain unfettered access to our system’s administrative console,” said Comas.


Subsequent Malicious Activities

Once inside, the perpetrator changed the illicit account’s permissions several times, effectively probing Sourcegraph’s internal systems. A proxy application was also set up that directed users to interact directly with Sourcegraph’s APIs. “Users were guided to establish free accounts on Sourcegraph.com, produce access tokens, and then seek an unwarranted elevation of their rate limits from the attacker,” according to Sourcegraph’s official statement.

Data Impact and Customer Notification on Security Breach

Although the intruder managed to access some customer data like license keys, names, and email addresses, more sensitive information remained unscathed. No passwords, usernames, or other types of personally identifiable information were compromised. “Your personal data was neither altered nor copied, but it could have been viewed by the attacker,” Comas clarified in an email dispatched to potentially affected customers.

Ensuring Future Security

Importantly, private code and customer credentials were not accessible during this ordeal, as they are stored in segregated environments. After identifying the breach, Sourcegraph took immediate steps to neutralize the threat: it disabled the unauthorized admin account, provisionally scaled back API rate limits for all free-tier users, and changed potentially vulnerable license keys.

With a burgeoning user base of over 1.8 million software engineers and partnerships with industry giants such as Uber, F5, Dropbox, Lyft, and Yelp, Sourcegraph is taking this security incident very seriously. Comprehensive measures are being taken to ensure such vulnerabilities do not pose a risk in the future.
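The root cause described above was an admin token committed to code. As an added example (not Sourcegraph's code or tooling), the Python below scans the added lines of a unified diff for high-entropy literals assigned to credential-like names, the kind of check a pre-commit hook or CI job runs. The name pattern, the 3.0-bit entropy threshold and the sample diff with its token value are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed pattern: a long quoted literal assigned to a name that looks like a credential.
ASSIGN = re.compile(
    r"(?i)\b(\w*(?:token|secret|passw|api_?key)\w*)\s*[:=]\s*[\"']([^\"']{20,})[\"']")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
MIN_ENTROPY = 3.0  # bits per character; assumed cut-off, tune per repository

# Constructed sample diff; the token value is made up for this example.
SAMPLE_DIFF = '''\
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -10,3 +10,6 @@ def load():
 import os
-API_URL = "https://staging.example.test"
+API_URL = "https://api.example.test"
+SESSION_TOKEN = os.environ["SESSION_TOKEN"]
+DOCS_TOKEN = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ADMIN_TOKEN = "7f3a9c1e5b2d8064fa17c39e0b6d4852a1c7e93f"
 TIMEOUT = 30
'''

def shannon_entropy(s):
    """Bits per character: about 4 for random hex, 0 for a repeated filler character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_diff(diff_text):
    """Return (path, new_line_no, name) for credential-like literals on added lines."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):  # new-file header, not an added line
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif HUNK.match(line):
            lineno = int(HUNK.match(line).group(1))
        elif line.startswith("+"):
            for m in ASSIGN.finditer(line[1:]):
                if shannon_entropy(m.group(2)) >= MIN_ENTROPY:
                    findings.append((path, lineno, m.group(1)))  # report the name, never the value
            lineno += 1
        elif line.startswith(" "):
            lineno += 1  # context lines exist in the new file; "-" lines do not
    return findings

if __name__ == "__main__":
    for path, lineno, name in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{lineno}: high-entropy literal assigned to {name}")
```

The environment lookup and the placeholder value are deliberately not flagged; only the hard-coded literal on new-file line 14 is reported.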

As the platform moves forward, it is committed to improving its security protocols to safeguard user data more effectively and to restore the confidence of its global clientele.