https://t.co/8yt4MMMtGW is back online and fully secure 🔒
We've hot-fixed the compromised component and triple checked the entire app for similar vulnerabilities, which there were none. We continue building... we have some new features launching over the next 24 hours so now we really lock in for #EKKO.
Upon review, in our deployed platform, we'd mistakenly leaked our Postgres service role key which provided access to run SQL commands, allowing a user to remotely delete, and replace our token data, and replace it with their own. This 'leak' did not provide access to our users sensitive credentials and Supabase encrypts all user data.
We hold our hands up here, this was overlooked but we will continue to build. We've got some exciting features/improvements coming over the next 24 hours.
Again, thank you to our community for being real ones 🧡
The EKKO team.