Heroku / Gtihub Security Notification


On April 16th, one of our service providers, Heroku, announced a security incident involving their integration with another one of our providers, Github.

A small subset of Heroku's customers had their Github accounts compromised, potentially leading to a cascade of other security issues as the attacker accessed source code.

Sorry™ do not appear to have been one of the affected customers, as we have received no direct notification from Github or Heroku to suggest our account was one of those compromised.

Regardless, we took steps to disable our connection between Heroku and Github before auditing our security logs to look for signs of malicious actions, of which there were none.

I'm confident that we were not compromised.

Please let us know if you have any specific questions.

Avatar for Robert Rawlins
Robert Rawlins
Began at:

Affected components
  • Status Pages
  • Management UI
  • Monitoring Automation
    • Inbound Mail
    • Pingdom Sync
  • Message Distribution
    • Email
      • Email by Sorry™
      • MailChimp
      • Mailgun
      • SendGrid
      • Postmark
    • Microsoft Teams
    • Slack
    • SMS
    • Twitter
    • Website Plugin
    • Intercom Messenger App