Security Update: Birdie's Proactive Action Against Supply Chain Risks

Dear Customer,

We are writing to provide an update on the actions Birdie is taking in relation to the recent security incident known as SHA1-HULUD, which affected the software supply chain of our analytics service provider, PostHog.

Our Commitment

We recognize the seriousness of this type of attack. Immediately following the incident's disclosure, we executed a full security audit across all our systems and integrations.

We can assure you that:

1. The Birdie platform and all customer data were NOT compromised by the SHA1-HULUD attack.
2. We found no evidence of unauthorized access, data theft, or credential exposure within our environments.
3. The incident was contained within the third-party NPM packages, and our internal defense measures were effective.

Proactive Measure: Credential Rotation Maintenance

Despite the security of our current systems, Birdie is scheduling mandatory security maintenance to rotate all keys and access tokens used to connect to PostHog and other critical services.

This action is strictly preventative and based on best security practices. By performing this credential rotation, we ensure the invalidation of any old keys, eliminating even the slightest residual risk stemming from the third-party incident.

Maintenance Details and Impact

• The core Birdie service will NOT be affected.
• You may experience a very brief or intermittent interruption in functionalities that relies on our direct integration with PostHog or other services which keys are being rotated.

Our priority is service continuity and the maximum protection of your data. We thank you for your trust in Birdie and remain vigilant in defending our systems.