trivelop @rrrene on

Inch CI outage / post mortem

On June 22nd, the Inch CI site and services were not available for ~ 18 hours, as you may have witnessed.

This is what happened to the best of my knowledge:

An attacker gained access to a none-Inch-CI related user account on the server, which was then disconnected. I can not know whether the Inch CI user account, Inch CI database, GitHub tokens or any other security/system-related material has been compromised. To be sure, the server was wiped clean and I installed everything afresh, including a 12h old database backup. I have also resetted the GitHub-App credentials and invalidated all existing user tokens (when you login via Github the next time, you will have to re-authenticate).

All in all this has been a wild day. I am truly sorry for any inconvience this caused you and super greatful for your patience and support via Twitter.

I am very much looking forward to seeing some of you in Salzburg and to buy you a beverage of your choice.

Fork me on GitHub