18:00 PST 2024-06-27
On 25 June 2024, a hacktivist group published an article claiming that they had access to rabbit’s internal source code, which included several API keys used to provide services to r1 customers. Upon discovery of the article, our team began the investigation and response process.
- We performed an inventory of all secrets currently in use.
- We began immediately revoking and rotating those secrets.
As part of the inventory process, we identified additional secrets that were not properly stored in AWS Secrets Manager.
As part of the rotation process, the team updated relevant portions of the codebase to ensure that all secrets were properly stored.
Actions in Progress
- We’re reviewing historical code versions for any additional secrets stored in code. Those secrets will be revoked as we identify them.
- We’re implementing automated code review checks that will prevent developers from committing secrets to our codebase.
- We are reviewing audit logs of our SaaS platforms to check for any theft of customer data. As of the publishing of this update, we have not found there to be any compromise of our critical systems or of the safety of customer data.
We will continue to use this page to provide updates as they become available.
13:00 PST 2024-06-26
On June 25, 2024, we were notified that a third party may have had access to working API keys for multiple SaaS providers used by rabbit to provide services to our customers. Based on this notice, the rabbit security team rotated the keys to those APIs, which caused a brief downtime on the devices. Our team is continuing our investigation. As of today, we have not found there to be any compromise of our critical systems or of the safety of customer data.
We will use this page to provide updates as they become available. We’re grateful for the trust our customers have placed in us. Our top priority is maintaining that trust by protecting customer data and by providing transparency while we investigate.