| Hello, I'll try to give you some insight as I'm a security engineer at Algolia. Your concern is valid, and it's true, we cannot know for sure. That's the reason why, as explained in the blog post, we are reinstalling all impacted servers and rotating our secrets. If our assumption is false, this should contain the issue. That being said, we have good reasons to make that assumption. - Our analysis of the incident and how the malware behaved on our systems didn't find any evidence towards access and transfer of data. - There are other public analysis of the malware. Other companies hit have the same analysis than us, and you can have a look at https://saltexploit.com/ which is maintaining an interesting list of what is known on the attack, how it behaved, and how it's evolving fast to adapt. I hope this answers your concern. |