Salesforce company Heroku has alerted customers that it intends to reset account passwords, causing confusion among users wanting to know what is going on.
Heroku is asking people to reset their passwords in advance, as existing ones will no longer work.
Resetting the passwords will also invalidate application programming interface (API) access tokens.
This in turn could break application integrations of Heroku's Platform API using the tokens, and generate 403 Forbidden errors upon access, unless new tokens are generated.
The enterprise platform-as-a-service (PaaS) provider was the victim of an attack in mid-April, in which its OAuth authentication token was stolen, and from the Travis CI hosted continuous integration sevice.
That attack was used to download private repositories from Microsoft-owned Github, with users on social media speculating that the incident was worse than communicated in April.
Heroku said this week that it is continuing to investigate that incident, and that a subset of customers would receive email notifications directly, but did not mention a password reset for users.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
