help.heroku.com
54.225.246.238  Public Scan

Submitted URL: http://help.heroku.com/
Effective URL: https://help.heroku.com/
Submission: On April 16 via api from US — Scanned from DE

Form analysis 3 forms found in the DOM

GET /search

<form role="form" action="/search" method="get" class="relative center w-80 mw7 flex mv4 f4">
  <div class="absolute z-3 left-1 top-1">
    <svg class="pt1 w2 h2 fill-gray nudge-up--4 nudge-left--2">
      <use xlink:href="#search-28"></use>
    </svg>
  </div>
  <input type="text" name="q" id="search" value="" class="hk-search-input near-black w-100 pv2 pl6 f2 lh-copy br--left br2 z-2 br-0" placeholder="Search for help">
  <input type="submit" class="hk-button--primary f2 br--right br2 z-1 lh-copy ph4 h-auto" value="Search">
</form>

GET /r

<form class="button_to" method="get" action="/r"><input class="hk-button--secondary" type="submit" value="Visit Stack Overflow"><input type="hidden" name="uri" value="https://stackoverflow.com/questions/tagged/heroku" autocomplete="off"></form>

GET /r

<form class="button_to" method="get" action="/r"><input class="hk-button--secondary" type="submit" value="Visit Heroku Status"><input type="hidden" name="uri" value="https://status.heroku.com" autocomplete="off"></form>

Text Content



PLATFORM STATUS

Heroku Security Notification
4 hours ago

At Salesforce, we understand that the confidentiality, integrity, and
availability of your data are vital to your business, and we take the protection
of your data very seriously. We value transparency and wanted to notify you of
an incident we're actively investigating that may lead to unauthorized access to
your GitHub repositories connected to Heroku.

On April 13, 2022, Salesforce Security was notified by GitHub that a subset of
Heroku’s GitHub private repositories, including some source code, was downloaded
by a threat actor on April 9, 2022. Based on Salesforce’s initial investigation,
it appears that unauthorized access to Heroku's GitHub account was the result of
a compromised OAuth token. Salesforce immediately disabled the compromised
user’s OAuth tokens and disabled the compromised user’s GitHub account.
Additionally, GitHub reported that the threat actor was enumerating GitHub
customer accounts using OAuth tokens issued to Heroku’s OAuth integration
dashboard hosted on GitHub. Based on the information GitHub shared with us, we
are investigating how the threat actor gained access to customer OAuth tokens.
The compromised tokens could provide the threat actor access to customer GitHub
repos, but not customer Heroku accounts. With the access to customer OAuth
tokens, the threat actor may have read and write access to customer GitHub
repositories connected to Heroku. Given the incident is still active, please
review the recommended actions provided below.

What action do I need to take?

Please follow the instructions below to conduct a comprehensive review of your
GitHub logs for evidence of exfiltration. If you identify suspicious activity,
please contact security@salesforce.com to share your findings which may assist
in our investigation.

To request logs from GitHub:

 * For organizations: please see the instructions in the GitHub document, Review the audit log for your organization
 * For personal accounts: please see the instructions in the GitHub document, Reviewing your security log

For more information regarding GitHub’s investigation and actions you should
take when reviewing your logs, please visit the GitHub blog.

Additionally, we recommend disconnecting Heroku from your GitHub repositories.
Please note that disconnecting will prevent you from deploying your apps using
the Heroku dashboard and pipelines will be partially functional. While
disconnected, you can use one of the other code deployment methods available in
the following documentation:

 * Integrating with Version Control Providers Besides GitHub
 * Deploying with Git

If you see evidence of exfiltration in your logs, you should look carefully
through your repositories for any credentials that may have been compromised and
mitigate access by disabling accounts and rotating credentials as needed. We
also recommend revoking or rotating any exposed credentials. Source code
credential scanning is one of the primary ways that malicious actors can
escalate their access.

What are the next steps for Salesforce?

Salesforce continues to investigate this incident in coordination with GitHub
and our retained third-party breach vendor. Once we identify how the threat
actor gained access to customers’ OAuth tokens, we will immediately take
appropriate actions.

How can I get more information?

If you see any evidence of impact, please open a case with Heroku Support.

Updates will be posted to status.heroku.com as additional information becomes
available. If Salesforce becomes aware of unauthorized access to customer GitHub
repositories connected to Heroku, we will notify affected customers by email
without undue delay.


WELCOME TO HEROKU SUPPORT




TRENDING ARTICLES

Before opening a support ticket
What should I do if I'm locked out of my Heroku account?
How Do I Reset My Heroku Password?
Log4j2 CVE-2021-44228
Why am I seeing `SSL error: tlsv1 alert protocol version (PG::Error)` when
connecting to my Heroku Postgres database?

Select a topic, then pick a category and we'll show you commonly asked questions
and answers.
Looking for more help? Ask the community or create a ticket to get it routed to
the best person to answer it.

General Platform Features
Account Management
Domains & Routing
Security
Billing, Verification & Payments
Heroku Postgres
Heroku Connect
Heroku Redis
Heroku Kafka
CI, Pipelines & Review apps
Platform Error Codes
Command Line Tools



CHANGELOG

April 2022 PHP Updates
Python updated pip, setuptools and wheel
Ruby versions 2.6.10, 2.7.6, 3.0.4, 3.1.3 are now available
Composer 2.3.4 available for PHP apps


COMMUNITY

Engage with a community of passionate experts to get the answers you need




HEROKU STATUS

Check for known issues on the Heroku Status website


© 2022 Salesforce.com

