Software vulnerability logging and monitoring firm Rollbar had its customer access tokens compromised following a data breach impacting its systems earlier last month, BleepingComputer reports.
Attackers, whose identities remain unknown, leveraged a service account to infiltrate Rollbar's systems from Aug. 9 to 11, from which they were able to exfiltrate sensitive user data, including usernames and project information, as well as customers' project access tokens, which allowed interactions with Rollbar projects.
"The party first tried to launch compute resources, and after that failed for lack of permission, they accessed the data warehouse and ran searches that suggested they were interested in Bitcoin wallets or other cloud credentials," said Rollbar in a breach notification letter provided by Have I Been Pwned Creator Troy Hunt.
Further investigation into the incident is underway.
"We will also engage a third-party forensic consultant to assist us in verifying these findings, and that work is ongoing," Rollbar noted.
