Incidents

Security incidents, response timelines, post-mortem action items.

Incidents YTD: 6
P1 last 90d: 2
Open action items: 7
MTTR (P1, days): 0.18 (≈ 4h target met)

Incident log

P1 INC-204: Credential stuffing attack against payments-api
Status: post mortem
Anomalous login pattern from distributed IPs; rate-limit + bot detection deployed.
Detected: 12 Aug 2024 14:22
Resolved: 12 Aug 2024 18:40
Owner: Priya Shah
Action items: 5/8 closed

P3 INC-203: Exposed S3 bucket (marketing-assets-old)
Status: resolved
Bucket misconfigured during legacy migration; no sensitive data exposed.
Detected: 05 Aug 2024 09:10
Resolved: 05 Aug 2024 11:50
Owner: Sara Okafor
Action items: 3/4 closed

P2 INC-202: Phishing campaign targeting finance team
Status: resolved
12 employees received; 0 credentials submitted. Email rules + training rolled out.
Detected: 28 Jul 2024
Resolved: 28 Jul 2024
Owner: Priya Shah
Action items: 6/6 closed

P2 INC-201: GuardDuty alert — EC2 communicating with C2 IP
Status: resolved
Confirmed false positive after threat intel review.
Detected: 20 Jul 2024
Resolved: 20 Jul 2024
Owner: Sara Okafor
Action items: 3/5 closed

P1 INC-200: Service account key leaked in public Gist
Status: resolved
Key revoked within 14 minutes; pre-commit hook deployed across org.
Detected: 10 Jul 2024
Resolved: 10 Jul 2024
Owner: Priya Shah
Action items: 8/9 closed

P3 INC-199: DDoS surge against marketing site
Status: resolved
CDN absorbed traffic; no customer impact.
Detected: 01 Jul 2024
Resolved: 01 Jul 2024
Owner: Sara Okafor
Action items: 3/3 closed