On January 23rd, some forum users reported seeing other buckets which didn’t belong to them. This
technical issue has been classified as “mild” and stems from an issue with Golang range variables on array types (we’ll be sharing more on this in the coming issues, as well as the lessons we’ve learned and the details about the fix.) This issue caused some bucket names to appear in the satellite web console (bucket page) for some users that did not create those buckets. None of the data or metadata in these buckets was exposed. Only the names of buckets, egress used, storage used, and object count were exposed.
Our awesome team worked overnight to figure out the issue, and get a fast resolution. Special thanks to Storjlings @littleskunk, @zeebo, krista, @Egon, @thePaul, @Brandon, @stefanbenten @keleffew and @calebcase
Please note that you may always follow our status at https://status.tardigrade.io/
Bugs and issues can be reported to email@example.com
We take these kinds of issues seriously, whether mild or severe.
In summary, the data exposed was only the names of buckets, egress used, storage used, and object count. No data or metadata was exposed.
We’ll continue to post updates. Please stay tuned for further posts.