[robotrobot]

Is anyone from BrowserStack monitoring this thread? We received the email so we can assume our account was accessed by the hacker. Passwords crypted and salted (ok - changed) but what about the BrowserStack automate username and token, generated by BS themselves, that we are unable to edit or regen?

[adimania]

that is in a different table which was not compromised.

[robotrobot]

OK, I want to make sure though. How can these creds be regenerated? What happens if we had leaked them accidentally, there seems no way to regen them?

[adimania]

Please have a look at https://www.browserstack.com/automate/rest-api#rest-api-key

[robotrobot]

Thanks (can't reply direct to the reply for some reason)

[Jgrubb]

There's some kind of algorithm that prevents two users ping ponging comments too quickly. Not sure exactly how it works, but I've had experienced that before.