Outage in Apify
Security Incident Notification – March 6, 2026
Resolved MinorIncident Report
We are informing you about a security incident that occurred on March 6, 2026. Based on our investigation to date, there is no indication that any customer data was affected or compromised. However, we want to share the information we have with you as part of our ongoing commitment to transparency.
What happened
At approximately 21:52 UTC on March 6, 2026, we detected that the GitHub account of one of our employees had been compromised as part of a broader, known malware campaign. The attacker used this access to inject malicious code into multiple branches across our GitHub repositories via force-pushed commits. Thanks to branch protection rules in place on our repositories, no changes were merged into any default or protected branches.
How we responded
Upon detection, we immediately suspended the affected account and blocked all associated access across our internal systems. Our engineering team then identified all affected branches and reverted every malicious commit. Full cleanup was completed by approximately 00:32 UTC on March 7, 2026.
What we have investigated
We have since conducted a thorough review of our GitHub audit logs, AWS CloudTrail logs, Google Workspace logs, and all other important resources. All activity reviewed was consistent with expected patterns — no unauthorized access, no suspicious logins, and no signs of data exfiltration were identified beyond the GitHub repository commits, which have been fully reverted. Despite no signs of malicious access, we also completed the rotation of secrets and the scan of all working machines used by Apify employees.
Impact on your data
Based on our investigation to date, there is no evidence that any customer data was accessed or affected by this incident. The attack was limited to source code repository branches, all of which were protected and have been restored.
We take the security of your data seriously and will continue analyzing the impact of the issue and monitoring for any further indicators of compromise. We will provide an update if our ongoing investigation reveals any new findings.
Please don't hesitate to reach out to security@apify.com if you have any questions.
Sincerely,
The Apify security team
Need to monitor Apify outages?
- Monitor all your external dependencies in one place
- Get instant alerts when outages are detected
- Be the first to know if service is down
- Show real-time status on private or public status page
- Keep your team informed
Latest Updates ( sorted recent to last )
RESOLVED
18 days ago - at 03/12/2026 09:34AM
This incident has been resolved.
MONITORING
18 days ago - at 03/11/2026 12:48PM
We are informing you about a security incident that occurred on March 6, 2026. Based on our investigation to date, there is no indication that any customer data was affected or compromised. However, we want to share the information we have with you as part of our ongoing commitment to transparency.
What happened
At approximately 21:52 UTC on March 6, 2026, we detected that the GitHub account of one of our employees had been compromised as part of a broader, known malware campaign. The attacker used this access to inject malicious code into multiple branches across our GitHub repositories via force-pushed commits. Thanks to branch protection rules in place on our repositories, no changes were merged into any default or protected branches.
How we responded
Upon detection, we immediately suspended the affected account and blocked all associated access across our internal systems. Our engineering team then identified all affected branches and reverted every malicious commit. Full cleanup was completed by approximately 00:32 UTC on March 7, 2026.
What we have investigated
We have since conducted a thorough review of our GitHub audit logs, AWS CloudTrail logs, Google Workspace logs, and all other important resources. All activity reviewed was consistent with expected patterns — no unauthorized access, no suspicious logins, and no signs of data exfiltration were identified beyond the GitHub repository commits, which have been fully reverted. Despite no signs of malicious access, we also completed the rotation of secrets and the scan of all working machines used by Apify employees.
Impact on your data
Based on our investigation to date, there is no evidence that any customer data was accessed or affected by this incident. The attack was limited to source code repository branches, all of which were protected and have been restored.
We take the security of your data seriously and will continue analyzing the impact of the issue and monitoring for any further indicators of compromise. We will provide an update if our ongoing investigation reveals any new findings.
Please don't hesitate to reach out to security@apify.com if you have any questions.
Sincerely,
The Apify security team
Latest Apify outages
Degraded Datacenter Proxy Performance - 23 days ago
Degraded residential proxy performance - 2 months ago
Apify Console temporarily unvailable - 2 months ago
apify.com/store disrupted - 3 months ago
Customer support chat unavailable - 3 months ago
The Status Page Aggregator with Early Outage Detection
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 6020 services available
Integrations with
