Rollbar discovered the security breach on September 6 while reviewing data warehouse logs, which showed that a service account had been used to log into the cloud-based bug monitoring platform.
Once inside Rollbar's systems, the threat actors searched the company's data for cloud credentials and Bitcoin wallets. They first tried to launch compute resources; when that failed for lack of permission, they accessed the data warehouse and ran searches that suggested they were interested in Bitcoin wallets or other cloud credentials.
Rollbar's follow-up investigation found that the attackers had access to its systems for three days between August 9 and August 11, 2023.
While inside Rollbar's servers, they accessed sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration. More importantly, customers' project access tokens, which enable customers to interact with Rollbar projects, were also retrieved during the incident.