Incorrectly stored session cookies – what crates.io is doing to fix it

Today the crates.io team discovered that the contents of the cargo_session cookie were being persisted to our error monitoring service, Sentry, as part of the event payloads sent when an error occurs in the crates.io backend. The value of this cookie is a signed value that identifies the currently logged-in user, and therefore these cookie values could be used to impersonate any logged-in user.

Sentry access is limited to a trusted subset of the crates.io team, the Rust infrastructure team, and the crates.io on-call rotation team, who already have access to the crates.io production environment. There is no evidence that these values have been accessed or used.

However, out of an abundance of caution, we took these measures today:

  1. We have merged and deployed a change to redact all cookie values from all Sentry events.
  2. We have invalidated all logged-in sessions, making the cookies stored in Sentry useless. In effect, this means that every crates.io user has been logged out of their browser session.

Note that API tokens are not affected by this: they are transmitted using the Authorization HTTP header, which was already properly redacted before events were stored in Sentry. All current API tokens will continue to work.
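The redaction described in step 1, together with the Authorization handling mentioned in the note above, can be sketched as follows. This is an added example, not the crates.io team's code or the Sentry SDK: the ErrorEvent type, the function names and the sample header values are all assumptions made for illustration.

```rust
// Added example; types and names are assumptions, not crates.io or Sentry SDK code.
const REDACTED: &str = "[redacted]";

#[derive(Debug)]
pub struct ErrorEvent {
    pub headers: Vec<(String, String)>,
}

/// Keep cookie names (useful when debugging) but drop every value.
fn redact_cookie_pairs(value: &str) -> String {
    value.split(';').map(str::trim)
        .filter(|pair| !pair.is_empty())
        .map(|pair| match pair.split_once('=') {
            Some((name, _)) => format!("{}={}", name.trim(), REDACTED),
            None => REDACTED.to_string(), // no name to keep
        })
        .collect::<Vec<_>>().join("; ")
}

/// Scrub credential-bearing headers before the event leaves the process.
pub fn scrub_event(mut event: ErrorEvent) -> ErrorEvent {
    for (name, value) in event.headers.iter_mut() {
        // Header names are case-insensitive, so compare in lowercase.
        match name.to_ascii_lowercase().as_str() {
            "cookie" => *value = redact_cookie_pairs(value.as_str()),
            // Only the first segment of Set-Cookie carries the cookie value.
            "set-cookie" => *value = redact_cookie_pairs(value.split(';').next().unwrap_or("")),
            "authorization" => *value = REDACTED.to_string(),
            _ => {}
        }
    }
    event
}

/// Constructed sample: the cookie and token values are made up.
pub fn sample_event() -> ErrorEvent {
    let h = |n: &str, v: &str| (n.to_string(), v.to_string());
    ErrorEvent {
        headers: vec![
            h("Cookie", "cargo_session=c2lnbmVkLXZhbHVl==; theme=dark"),
            h("AUTHORIZATION", "constructed-api-token"),
            h("User-Agent", "example-browser/1.0"),
        ],
    }
}

fn main() {
    println!("{:#?}", scrub_event(sample_event()));
}
```

Redacting by header name rather than by cookie name means a newly introduced cookie is covered without a code change.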

We apologize for the inconvenience. If you have any other questions, please contact us on Zulip or GitHub.


Adam Harvey, on behalf of the crates.io team