We confirmed a condition where an internal application was exposed to the internet. This application contains customer AWS login name, without any credentials or keys, contact email address, estimated monthly spend with Engine Yard and url listings for Github repositories. As no credentials were exposed, private repositories could not be accessed.
This issue has been resolved by requiring internal authentication before execution. All internal applications are now be required to follow this protocol. No sensitive customer information was disclosed as a result of this condition. As no sensitive customer information was involved, this condition was not detected in our processes to ensure that sensitive data are protected correctly.
If you have any concerns or questions about any possible effect from this condition on your systems, please submit a ticket through our support site
and we will respond to you promptly. The safety and security of your systems and data are paramount to all of us at Engine Yard and I appreciate the trust that you continue to place with us.
Chief Security Officer