by brianr 1008 days ago
Hi, Brian from Rollbar here. We believe that the items listed comprise the entirety of the scope. We will be able to state definitively once forensic analysis is complete.

GitHub tokens are not exposed. More specifically: customer credentials stored for third party integrations (i.e. GitHub, Slack, JIRA) are stored encrypted using a key that is not stored in the database, so those are not exposed.

1 comments

Thank you for the clarification.

I think you are saying the attacker did or could have acquired the encrypted customer credentials but not the decryption key.

If that is the case, could you provide some more detail about the type of encryption to reassure us that it cannot be brute forced?