Post mortem: Checkly security incident [updated]
Blog post from Checkly
This incident involved a public dashboard issue where users could see disabled checks in their dashboard when setting a specific filter combination. The bug was caused by a logic error in the endpoint that served the dashboard, which allowed authenticated users to potentially view sensitive data from disabled browser check scripts. However, no user data, emails, passwords or other Personally Identifiable Information was compromised. The issue was fixed at 18:21 CET after a patch was made and tested. To prevent similar issues in the future, the company plans to integrate authentication, accounts, and endpoint interactions more robustly, move account "pinning" outside of application logic, conduct a security assessment with a pro security consultant, implement code reviews, and establish a bug bounty program.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| Secrets Management | 3 | 104 | 19 | 15 | -51% |
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.