ngrok Security Disclosure, May 2022

Ngrok has disclosed a security vulnerability that affected less than 5% of its active users, causing data leakage between accounts when viewing the dashboard. The bug was caused by a caching layer issue and allowed personal Authtoken information to be viewed by another user. However, no malicious activity was detected, and all affected users have been contacted with remediation steps to rotate their Authtoken. Ngrok's engineering team has taken measures to improve log data handling, detect patterns, and respond effectively to similar incidents in the future.