Confluent Cloud Q1 Launch: Build a Secure Shared Services Data Streaming Platform | Learn more
Our team was recently notified of unauthorized read-only access to Confluent’s GitHub account stemming from the recent Codecov incident (more information here). The security of our customers and their data is critically important to us, and upon learning of this Codecov breach, our security team took immediate action to assess the ramifications of this incident and implement additional security measures to limit any further impact—including engaging with an industry-leading cyber forensics team to conduct a full-scale investigation and contacting law enforcement.
Our investigation remains ongoing, but here is what we have learned so far:
With regards to the corrective measures we have taken so far, we have:
Confluent has a robust security program that includes assessing the security of our vendors, proactively scanning our source code for vulnerabilities such as hard-coded credentials, and proactive monitoring for suspicious activity in our cloud environments that helps minimize the risk of these types of incidents.
We approach matters such as this with the utmost seriousness. Regardless of what tools are involved or at fault, we ultimately hold ourselves accountable for the security of our customers and the data they entrust us with. We continue to work around the clock to gather additional information and limit the impact of this incident on our systems and our customers. We will continue to provide updates as new information becomes available.
I'm excited to share our intent to acquire Immerok! Together, we’ll build a cloud-native service for Apache Flink that delivers the same simplicity, security, and scalability that you expect from Confluent for Kafka.
Today, we’re excited to announce that Confluent is part of the initial set of partners for Microsoft Intelligent Data Platform, an integrated set of data services unifying databases, analytics, and […]