We are informing you about a security incident that occurred on March 6, 2026. Based on our investigation to date, there is no indication that any customer data was affected or compromised. However, we want to share the information we have with you as part of our ongoing commitment to transparency.
What happened At approximately 21:52 UTC on March 6, 2026, we detected that the GitHub account of one of our employees had been compromised as part of a broader, known malware campaign. The attacker used this access to inject malicious code into multiple branches across our GitHub repositories via force-pushed commits. Thanks to branch protection rules in place on our repositories, no changes were merged into any default or protected branches.
How we responded Upon detection, we immediately suspended the affected account and blocked all associated access across our internal systems. Our engineering team then identified all affected branches and reverted every malicious commit. Full cleanup was completed by approximately 00:32 UTC on March 7, 2026.
What we have investigated We have since conducted a thorough review of our GitHub audit logs, AWS CloudTrail logs, Google Workspace logs, and all other important resources. All activity reviewed was consistent with expected patterns — no unauthorized access, no suspicious logins, and no signs of data exfiltration were identified beyond the GitHub repository commits, which have been fully reverted. Despite no signs of malicious access, we also completed the rotation of secrets and the scan of all working machines used by Apify employees.
Impact on your data Based on our investigation to date, there is no evidence that any customer data was accessed or affected by this incident. The attack was limited to source code repository branches, all of which were protected and have been restored. We take the security of your data seriously and will continue analyzing the impact of the issue and monitoring for any further indicators of compromise. We will provide an update if our ongoing investigation reveals any new findings.
Please don't hesitate to reach out to security@apify.com if you have any questions.