jacksonpollocksno5 | Stripe Developers | Page 1

mellow aspenBOT Jan 25, 2024, 10:25 AM

#

brave mulch Jan 25, 2024, 10:26 AM

#

Hello
are you sure the email was from Stripe? I'd double check the authenticity of the email first.

After that, I would suggest you reach out to our support about that. We don't know a ton about how these emails are sent (if we do send them). Support team can help dig deeper into this
https://support.stripe.com/?contact=true

Also, if the email indeed came from us then I'd recommend rolling the keys immediately

jade tapir Jan 25, 2024, 10:28 AM

#

Yeah i'm pretty sure its a stripe email and genuine, i spoke to support, a bit useless after an hour just told us to roll the key, which i will do but that doesn't fix anything if the key is still being exposed

brave mulch Jan 25, 2024, 10:29 AM

#

I see. Unfortunately, my team on discord won't know a ton about this. I'd recommend sending in an email if the chat support isn't helpful

jade tapir Jan 25, 2024, 10:30 AM

#

Honestly this is a total joke, its just going to accelerate our decision to leave Stripe. Thanks

brave mulch Jan 25, 2024, 10:33 AM

#

I understand your frustration but my team really just works with developers re: API/SDK asks. We don't know a ton about how these emails are triggered. Writing in via support can put you in touch with the right team for this.

jade tapir Jan 25, 2024, 10:36 AM

#

yeah no worries i get it, i ts just because i was onto support for an hour there and they told me nothing, eventually just a step by step on how to roll the key lol. But for something as serious as this there should be someone to deal with it immediately, all i've been told is we dont even know if Stripe sends those emails and we don't know anything about them....

brave mulch Jan 25, 2024, 10:42 AM

#

I am checking within my team if anyone knows about us sending these emails but I'm positive none of us would know anything beyond that. Writing in via support would be the best path forward.

#

can you share your account ID?

#

Looks like we do send an email if we suspect leaked keys.
The general guidence around investigating API key leaks is to:

Re-roll your keys.
Audit Dashboard access.
Audit your integration where you use the key(s).

jade tapir Jan 25, 2024, 10:52 AM

#

like we eare checking but it would just be good to know the path in which the key was found, otherwise we're kinda shooting in the dark

#

are you ablee to check this reference, see if you can see anything Impacted account: TF (acct_1HseFZHUowliFUhs)

Reference identifier: BD15B6QVJ

mellow aspenBOT Jan 25, 2024, 10:54 AM

#

rotund kindle Jan 25, 2024, 10:55 AM

#

We wouldn't have any information on where we suspect the leaked key is I'm afraid. In any case https://support.stripe.com/contact is the best option if you've further concerns beyond the advice shared above

Stripe: Help & Support

Find help and support for Stripe. Our support site provides answers on all types of situations, including account information, charges and refunds, and subscriptions information. Get your questions answered and find international support for Stripe.

jade tapir Jan 25, 2024, 10:56 AM

#

Like Stripe as a whole wouldn't know or just you guys on discord?

rotund kindle Jan 25, 2024, 10:57 AM

#

I'm not sure I'm afraid. We certainly don't have that info here

jade tapir Jan 25, 2024, 10:57 AM

#

fuck it im done with stripe, total joke

#jacksonpollocksno5