Heroku suggests credentials reset in response to GitHub incident

5 points by jrochkind1 ↗ HN
Email received from heroku today:

Security Notification

At Salesforce, we understand that the confidentiality, integrity, and availability of your data are vital to your business, and we take the protection of your data very seriously. We value transparency and wanted to notify you that, to ensure the protection of your data and in response to this incident[1], we have identified a subset of your applications that have custom (non-add-on-provider) log drains configured. We recommend updating and refreshing the credentials used with those log drains as soon as possible.

NOTE: This action is only required for log drains that have been manually added to your application. No action is required for logging performed by Heroku logging add-ons provisioned through the Heroku Elements Marketplace.

Please follow the instructions here[2] to refresh your apps below: [omitted]

[1]: https://status.heroku.com/incidents/2413

[2]: https://devcenter.heroku.com/articles/log-drains

2 comments

[ 0.22 ms ] story [ 17.3 ms ] thread
I'm frankly pretty confused about what heroku is asking me to do. "The credentials used with these log drains" means... what?
I got the same email. I assume they’re talking about the log drain URLs - they contain some kind of token..?