Thanksgiving 2023 security incident (blog.cloudflare.com)
from RedditEnjoyer@lemmy.world to technology@lemmy.world on 01 Feb 2024 21:07
https://lemmy.world/post/11457435

#technology

threaded - newest

eager_eagle@lemmy.world on 01 Feb 2024 21:25 next collapse

tl;dr of the damage

no Cloudflare customer data or systems were impacted by this event. Because of our access controls, firewall rules, and use of hard security keys enforced using our own Zero Trust tools, the threat actor’s ability to move laterally was limited. […] No services were implicated, and no changes were made to our global network systems or configuration.

The only production systems the threat actor could access using the stolen credentials was our Atlassian environment. Analyzing the wiki pages they accessed, bug database issues, and source code repositories, it appears they were looking for information about the architecture, security, and management of our global network; no doubt with an eye on gaining a deeper foothold.

lazynooblet@lazysoci.al on 02 Feb 2024 00:04 next collapse

They was a really good read

neshura@bookwormstory.social on 02 Feb 2024 07:49 collapse

I appreciate them communicating this because as far as I can tell they had no obligation to reveal this hack since no customer data was implicated.