help.heroku.com
54.225.246.238  Public Scan

Submitted URL: http://help.heroku.com/
Effective URL: https://help.heroku.com/
Submission: On May 05 via manual from ES — Scanned from ES

Form analysis 3 forms found in the DOM

GET /search

<form role="form" action="/search" method="get" class="relative center w-80 mw7 flex mv4 f4">
  <div class="absolute z-3 left-1 top-1">
    <svg class="pt1 w2 h2 fill-gray nudge-up--4 nudge-left--2">
      <use xlink:href="#search-28"></use>
    </svg>
  </div>
  <input type="text" name="q" id="search" value="" class="hk-search-input near-black w-100 pv2 pl6 f2 lh-copy br--left br2 z-2 br-0" placeholder="Search for help">
  <input type="submit" class="hk-button--primary f2 br--right br2 z-1 lh-copy ph4 h-auto" value="Search">
</form>

GET /r

<form class="button_to" method="get" action="/r"><input class="hk-button--secondary" type="submit" value="Visit Stack Overflow"><input type="hidden" name="uri" value="https://stackoverflow.com/questions/tagged/heroku" autocomplete="off"></form>

GET /r

<form class="button_to" method="get" action="/r"><input class="hk-button--secondary" type="submit" value="Visit Heroku Status"><input type="hidden" name="uri" value="https://status.heroku.com" autocomplete="off"></form>

Text Content



PLATFORM STATUS

Heroku Security Notification
6 hours ago

We value transparency and understand our customers are seeking a deeper
understanding of the impact of this incident and our response to date.

We continue to work diligently in response to this Heroku incident first
announced on April 15, 2022. We worked with GitHub, our threat intelligence
vendors, other industry partners, and have been in touch with law enforcement to
assist in our investigation. Without compromising our ongoing investigation or
the security of our customers, we are able to share the following details.

On April 7, 2022, a threat actor obtained access to a Heroku database and
downloaded stored customer GitHub integration OAuth tokens. Access to the
environment was gained by leveraging a compromised token for a Heroku machine
account. According to GitHub, the threat actor began enumerating metadata about
customer repositories with the downloaded OAuth tokens on April 8, 2022. On
April 9, 2022, the attacker downloaded a subset of the Heroku private GitHub
repositories from GitHub, containing some Heroku source code.

GitHub identified the activity on April 12, 2022, and notified Salesforce on
April 13, 2022, at which time we began our investigation. As a result, on April
16, 2022, we revoked all GitHub integration OAuth tokens, preventing customers
from deploying apps from GitHub through the Heroku Dashboard or via automation.
We remain committed to ensuring the integration is secure before we re-enable
this functionality.

Separately, our investigation also revealed that the same compromised token was
leveraged to gain access to a database and exfiltrate the hashed and salted
passwords for customers’ user accounts. For this reason, Salesforce is ensuring
all Heroku user passwords are reset and potentially affected credentials are
refreshed. We have rotated internal Heroku credentials and put additional
detections in place. We are continuing to investigate the source of the token
compromise.

Please continue to visit status.heroku.com for updates as they become available.


WELCOME TO HEROKU SUPPORT




TRENDING ARTICLES

Before opening a support ticket
What should I do if I'm locked out of my Heroku account?
Log4j2 CVE-2021-44228
How to deploy changes from GitHub to Heroku via the command line
Why am I seeing `SSL error: tlsv1 alert protocol version (PG::Error)` when
connecting to my Heroku Postgres database?

Select a topic, then pick a category and we'll show you commonly asked questions
and answers.
Looking for more help? Ask the community or create a ticket to get it routed to
the best person to answer it.

General Platform Features
Account Management
Domains & Routing
Security
Billing, Verification & Payments
Heroku Postgres
Heroku Connect
Heroku Redis
Heroku Kafka
CI, Pipelines & Review apps
Platform Error Codes
Command Line Tools



CHANGELOG

OpenJDK 18.0.1 now available
JDK 17.0.3, 15.0.7, 13.0.11, 11.0.15, 8u332, and 7u342 now available
April 2022 PHP Updates
Python updated pip, setuptools and wheel


COMMUNITY

Engage with a community of passionate experts to get the answers you need




HEROKU STATUS

Check for known issues on the Heroku Status website


heroku.com Blogs Careers Documentation
Terms of Service Privacy Cookies Cookie Preferences © 2022 Salesforce.com

