Rubygems.org AWS Root Access Event – September 2025
16 hours ago
- #rubygems
- #security-incident
- #aws-access
- Ruby Central disclosed a security incident involving unauthorized AWS root access to RubyGems.org in September 2025.
- A former maintainer retained access to production systems despite prior revocation of administrative privileges.
- Unauthorized actors changed the AWS root password and attempted to lock out authorized personnel.
- Ruby Central regained control, revoked compromised credentials, and implemented enhanced security measures.
- No evidence of compromised user data, gems, or infrastructure was found.
- Root causes included failure to rotate shared credentials and lack of oversight on exfiltrated credentials.
- Ruby Central committed to procedural updates, independent audits, and formalized access agreements.
- The incident highlighted governance and ethical concerns regarding production access and data privacy.