Home / Companies / Checkly / Blog / Post Details
Content Deep Dive

Post mortem: Checkly security incident [updated]

Blog post from Checkly

Post Details
Company
Date Published
Author
Tim Nolet
Word Count
897
Company Posts That Month
1
Language
English
Hacker News Points
-
Post removed?
No
Summary

This incident involved a public dashboard issue where users could see disabled checks in their dashboard when setting a specific filter combination. The bug was caused by a logic error in the endpoint that served the dashboard, which allowed authenticated users to potentially view sensitive data from disabled browser check scripts. However, no user data, emails, passwords or other Personally Identifiable Information was compromised. The issue was fixed at 18:21 CET after a patch was made and tested. To prevent similar issues in the future, the company plans to integrate authentication, accounts, and endpoint interactions more robustly, move account "pinning" outside of application logic, conduct a security assessment with a pro security consultant, implement code reviews, and establish a bug bounty program.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 3 104 19 15 -51%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.