On the 26th of July 2020, we discovered that some of our product source code was leaked to a public repository. After a thorough investigation, we discovered that only snapshots of codes resident on our static code analysis tool were exposed. This tool is used by the engineering team to scan for vulnerabilities and bugs in our source code before shipping them. As the tool also keeps a snapshot of the most recently scanned lines of code, the attackers exploited a vulnerability in this tool which allows users with unauthorized access to scrape recently scanned lines of code. These code snapshots were what the attackers were able to access.
From our investigations, we can confidently say that no sensitive data was exposed and only lines of code from some of our projects were affected. Even with this leak, exposure is minimal and as such would pose no security risk to us and our customers.
To further ensure the safety of our customers and to mitigate against any future security risk, we have succeeded in getting our code removed from the public repository and shut down the tool through which the source code was scraped.
We apologize to our customers for whatever inconvenience this may have caused and we would like to reiterate our commitment to providing you best in class service and security.