JetBrains YouTrack Instance Security Issue Post Mortem

Last Friday, August 7, around 5 PM GMT we experienced a security issue on our production instance at youtrack.jetbrains.com.

For about an hour, all external users and guest accounts obtained permissions to all of our projects, including internal ones. Issues, comments, and attached files in public projects that were restricted by permitted user group were not affected. The issue was caused by an administration failure during the permission synchronization process.

The issue was detected and fixed within an hour thanks to our Operation team. We’ve also received bug reports from our external users at the same time. We’ve carefully checked the access logs to make sure that no private customers data were accessed and no important internal information was affected.

We offer our deepest apologies to all our internal and external users. We’ve made our best to prevent such problems in the future by adding security tests covering more access scenarios.

Thank you for your understanding and patience, we really appreciate it.

 

About Valerie Andrianova

Valerie Andrianova is YouTrack, Hub and Upsource Product Marketing Manager at JetBrains. Her professional interests include issue & bug tracking, project and task management, agile methodologies and team collaboration. Apart from work, she cannot imagine her life without live music, quirky books and lattes with those cute little foam hearts.
This entry was posted in events and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *