Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

March 19, 2024 at 06:18AM

AI-powered code documentation firm Mintlify experienced a data breach due to a system vulnerability, leading to 91 customer GitHub tokens being compromised. The breach prompted security measures, including token revocation and collaboration with GitHub and cybersecurity firms. Mintlify also launched a bug bounty program for security researchers, guaranteeing financial compensation for certain vulnerabilities.

The meeting notes indicate that the AI-powered code documentation firm Mintlify experienced a data breach that compromised customer GitHub tokens. This was caused by a vulnerability in its systems, leading the company to launch a bug bounty program. The breach, which was identified on March 1, exposed 91 customer tokens and resulted in unauthorized access to the company’s servers. Mintlify took immediate steps to address the breach, including revoking all GitHub token access, rotating administrative access tokens, and enhancing the security of its APIs. The company also worked with a bug bounty reporter to address the underlying vulnerability and is collaborating with cybersecurity firms to investigate the incident and improve its security stance. To further encourage security researchers to report vulnerabilities, Mintlify has launched a bug bounty program covering specific domains and has provided guidelines for vulnerability reports. Additionally, the company guarantees financial compensation for previously unidentified vulnerabilities with a CVSS score of 4 or higher. The meeting notes also highlight the potential risks associated with bug bounty programs and the aggressive tactics of some bounty hunters.
