Heroku will start resetting user account passwords today, May 4, 2022, as mentioned in our previous notification. We recommend that you reset your user account password in advance here and follow the best practices below:
Minimum of 16 characters NOTE: A password reset will also invalidate your API access tokens. As a result, any automations you’ve built to integrate with the Heroku Platform API that use these tokens may result in 403 forbidden errors . To avoid downtime you will need to re-enable direct authorizations by following the instructions here and update your integrations to use your newly generated token. As an added precaution, we strongly recommend enabling Multi-Factor Authentication (MFA) by following the guidance in the MFA article in the Heroku Dev Center. To ensure you have a backup to your primary MFA verification method, we also suggest setting up recovery codes. We sincerely regret any inconvenience you may have experienced because of this issue and appreciate your trust in us as we continue to make your success our top priority. Please continue to visit status.heroku.com for the latest updates. If you used your previous password on any other sites, we highly recommend you also change your password on those sites. If you have any questions or require assistance, please open a case with Heroku Support. Thank you, Salesforce 最少16个字符 注意:密码重置也会使你的API访问令牌失效。因此,您建立的与Heroku平台API集成的任何自动程序,如果使用这些令牌,可能会导致403禁止的错误。为了避免停机,您需要按照这里的说明重新启用直接授权,并更新您的集成以使用新生成的令牌。 作为一项额外的预防措施,我们强烈建议按照Heroku开发中心的MFA文章的指导,启用多因素认证(MFA)。为了确保你有一个主要MFA验证方法的备份,我们还建议设置恢复代码。 我们对您因这一问题而遇到的任何不便表示诚挚的歉意,感谢您对我们的信任,我们将继续把您的成功作为我们的首要任务。请继续访问status.heroku.com了解最新的更新。 如果你在任何其他网站上使用你以前的密码,我们强烈建议你也在这些网站上改变你的密码。如果你有任何问题或需要帮助,请在Heroku支持部门开一个案例。 谢谢你。 Salesforce团队 |
我也收到了, 不知道是不是钓鱼, 看起来不太对劲 是不是出现了大规模用户信息泄露, 被哪位mjj脱裤了 |
目前说是有漏洞,会泄露github的oth什么的身份验证信息 |
你自己登录官网重置一下密码就好了,能怎么钓鱼 |
我也收到了 怎么整 MJJ们 |
应该是被泄密了所以强制重置 但是不知道是不是真的 |
密码早忘了 |
已经有MJJ发了,是真的。 https://status.heroku.com/incidents/2413 |
其实是要求设置账户的多因素验证 我另一个账号设置了TOTP验证就没有要求改密码,另一个账号没有设置TOTP就收到了要求修改密码的邮件 |