Heroku confirms its data breach

On May 5, Heroku, a platform as a service (PaaS) that enables developers to build, run, and operate applications entirely in the cloud, confirmed its data breach.

Heroku revealed that hackers used stolen GitHub integration OAuth tokens to exfiltrate customers’ hashed and salted passwords from an internal customer database.

Heroku logo via Wikimedia Commons

This week, Heroku started performing forced password resets for a subset of its user accounts after last month’s security incident, without fully explaining why.

On Tuesday night, some Heroku users received emails titled “Heroku security notification – resetting user account passwords on May 4, 2022,” advising users that their account passwords were being reset in response to the security incident. The reset would also invalidate all API access tokens and require users to generate new ones, explained the email.

Details of the breached database are still unclear, beyond the fact that the passwords were stored hashed. The full impact, and exactly which user details ended up in the hackers’ hands, remain to be learned.

