An email on March 1st raised concerns about the security of our endpoints, leading to the discovery of unauthorized requests targeting sensitive API endpoints. These requests were successful, indicating the actor had private admin access tokens. GitHub tokens were used to access a customer’s repository, prompting immediate action by revoking all access tokens and implementing stringent security measures. Collaboration with cybersecurity firms, comprehensive security policies, and a bounty program are ongoing preventive measures. The vulnerability has been patched, and systems have been secured. No further action is required from users to continue using the product safely. Trust and security are priorities for the Mintlify team.
https://mintlify.com/blog/incident-march-13