One of the largest security and CDN companies, Cloudflare, reported that it was compromised by someone using stolen credentials to access internal systems, code repositories, AWS, Atlassian Jira and Confluence environments.
The company says on its blog:
On Thanksgiving Day, November 23, 2023, Cloudflare detected a breach on our Atlassian self-hosted server. Our security team immediately began an investigation, cut off the attacker's access, and on Sunday, November 26th, we brought in CrowdStrike's forensics team to conduct their own independent analysis.
Yesterday, CrowdStrike completed their investigation and we are publishing this post to talk about the details of this incident.
We want to emphasize to our customers that no Cloudflare customer components or systems were affected by this incident. Due to our access controls, firewall rules and the use of hard security keys enforced using our Zero Trust, the hacker's ability to move laterally was limited. No services are involved and no changes were made to our global network systems or configuration.
The goal of the attack, according to Cloudflare, was to obtain information about the company's infrastructure, possibly for use later. The attacker or attackers had access from November 14 to 17.
According to Cloudflare, more than 5,000 individual production credentials were changed after the incident, nearly 5,000 systems were tested, test and staging systems were physically partitioned, and every machine on Cloudflare's global network was checked, reinstalled, and rebooted.