Heroku forces user password resets

By on
Heroku forces user password resets

API access tokens invalidated.

Salesforce company Heroku has alerted customers that it intends to reset account passwords, causing confusion among users wanting to know what is going on.

Heroku is asking people to reset their passwords in advance, as existing ones will no longer work.

Resetting the passwords will also invalidate application programming interface (API) access tokens.

This in turn could break application integrations of Heroku's Platform API using the tokens, and generate 403 Forbidden errors upon access, unless new tokens are generated.

The enterprise platform-as-a-service (PaaS) provider was the victim of an attack in mid-April, in which its OAuth authentication token was stolen, and from the Travis CI hosted continuous integration sevice.

That attack was used to download private repositories from Microsoft-owned Github, with users on social media speculating that the incident was worse than communicated in April.

Heroku said this week that it is continuing to investigate that incident, and that a subset of customers would receive email notifications directly, but did not mention a password reset for users.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?