help.heroku.com
Open in
urlscan Pro
54.225.246.238
Public Scan
Submitted URL: http://help.heroku.com/
Effective URL: https://help.heroku.com/
Submission: On May 05 via manual from ES — Scanned from ES
Effective URL: https://help.heroku.com/
Submission: On May 05 via manual from ES — Scanned from ES
Form analysis
3 forms found in the DOMGET /search
<form role="form" action="/search" method="get" class="relative center w-80 mw7 flex mv4 f4">
<div class="absolute z-3 left-1 top-1">
<svg class="pt1 w2 h2 fill-gray nudge-up--4 nudge-left--2">
<use xlink:href="#search-28"></use>
</svg>
</div>
<input type="text" name="q" id="search" value="" class="hk-search-input near-black w-100 pv2 pl6 f2 lh-copy br--left br2 z-2 br-0" placeholder="Search for help">
<input type="submit" class="hk-button--primary f2 br--right br2 z-1 lh-copy ph4 h-auto" value="Search">
</form>
GET /r
<form class="button_to" method="get" action="/r"><input class="hk-button--secondary" type="submit" value="Visit Stack Overflow"><input type="hidden" name="uri" value="https://stackoverflow.com/questions/tagged/heroku" autocomplete="off"></form>
GET /r
<form class="button_to" method="get" action="/r"><input class="hk-button--secondary" type="submit" value="Visit Heroku Status"><input type="hidden" name="uri" value="https://status.heroku.com" autocomplete="off"></form>
Text Content
Help * Dashboard * Data * Dataclips * Elements * Documentation * Support My tickets Create a ticket Enterprise Resources PLATFORM STATUS Heroku Security Notification 6 hours ago We value transparency and understand our customers are seeking a deeper understanding of the impact of this incident and our response to date. We continue to work diligently in response to this Heroku incident first announced on April 15, 2022. We worked with GitHub, our threat intelligence vendors, other industry partners, and have been in touch with law enforcement to assist in our investigation. Without compromising our ongoing investigation or the security of our customers, we are able to share the following details. On April 7, 2022, a threat actor obtained access to a Heroku database and downloaded stored customer GitHub integration OAuth tokens. Access to the environment was gained by leveraging a compromised token for a Heroku machine account. According to GitHub, the threat actor began enumerating metadata about customer repositories with the downloaded OAuth tokens on April 8, 2022. On April 9, 2022, the attacker downloaded a subset of the Heroku private GitHub repositories from GitHub, containing some Heroku source code. GitHub identified the activity on April 12, 2022, and notified Salesforce on April 13, 2022, at which time we began our investigation. As a result, on April 16, 2022, we revoked all GitHub integration OAuth tokens, preventing customers from deploying apps from GitHub through the Heroku Dashboard or via automation. We remain committed to ensuring the integration is secure before we re-enable this functionality. Separately, our investigation also revealed that the same compromised token was leveraged to gain access to a database and exfiltrate the hashed and salted passwords for customers’ user accounts. For this reason, Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed. We have rotated internal Heroku credentials and put additional detections in place. We are continuing to investigate the source of the token compromise. Please continue to visit status.heroku.com for updates as they become available. WELCOME TO HEROKU SUPPORT TRENDING ARTICLES Before opening a support ticket What should I do if I'm locked out of my Heroku account? Log4j2 CVE-2021-44228 How to deploy changes from GitHub to Heroku via the command line Why am I seeing `SSL error: tlsv1 alert protocol version (PG::Error)` when connecting to my Heroku Postgres database? Select a topic, then pick a category and we'll show you commonly asked questions and answers. Looking for more help? Ask the community or create a ticket to get it routed to the best person to answer it. General Platform Features Account Management Domains & Routing Security Billing, Verification & Payments Heroku Postgres Heroku Connect Heroku Redis Heroku Kafka CI, Pipelines & Review apps Platform Error Codes Command Line Tools CHANGELOG OpenJDK 18.0.1 now available JDK 17.0.3, 15.0.7, 13.0.11, 11.0.15, 8u332, and 7u342 now available April 2022 PHP Updates Python updated pip, setuptools and wheel COMMUNITY Engage with a community of passionate experts to get the answers you need HEROKU STATUS Check for known issues on the Heroku Status website heroku.com Blogs Careers Documentation Terms of Service Privacy Cookies Cookie Preferences © 2022 Salesforce.com COOKIE CONSENT MANAGER * GENERAL INFORMATION * REQUIRED COOKIES * FUNCTIONAL COOKIES * ADVERTISING COOKIES GENERAL INFORMATION We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings. Privacy Statement REQUIRED COOKIES Always Active Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies. Cookies Details FUNCTIONAL COOKIES Functional Cookies Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual. Cookies Details ADVERTISING COOKIES Advertising Cookies Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising. Cookies Details BACK BUTTONBACK Vendor Search Filter Button Consent Leg.Interest checkbox label label checkbox label label checkbox label label * View Third Party Cookies * Name cookie name Clear checkbox label label Apply Cancel Save Settings Accept All Cookies We use cookies to make your interactions with our website more meaningful. They help us better understand how our websites are used, so we can tailor content for you. For more information about the different cookies we are using, read the Privacy Statement. To change your cookie settings and preferences, click the Cookie Consent Manager button. Reject All Cookies Accept All Cookies Cookie Consent Manager