Salesforce company Heroku has alerted customers that it intends to reset account passwords, causing confusion among users wanting to know what is going on.
Heroku is asking people to reset their passwords in advance, as existing ones will no longer work.
Resetting the passwords will also invalidate application programming interface (API) access tokens.
This in turn could break application integrations of Heroku's Platform API using the tokens, and generate 403 Forbidden errors upon access, unless new tokens are generated.
The enterprise platform-as-a-service (PaaS) provider was the victim of an attack in mid-April, in which its OAuth authentication token was stolen, and from the Travis CI hosted continuous integration sevice.
That attack was used to download private repositories from Microsoft-owned Github, with users on social media speculating that the incident was worse than communicated in April.
Heroku said this week that it is continuing to investigate that incident, and that a subset of customers would receive email notifications directly, but did not mention a password reset for users.
_(37).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
