RubyGems.org AWS Root Access Security Incident - September 2025 Post-Mortem
By
ilikepi
7mo ago· 8 min readenInsight
90/100
Golden Brown
Bagelometer↗
The bagel they save for the regulars. Don't skim, savour.
Score90TypeanalysisSentimentneutral
Summary
Ruby Central published a post-incident review detailing a September 2025 AWS root-access security event at RubyGems.org. The incident involved a former maintainer retaining access to the production environment after administrative access was removed from several accounts. The document outlines what occurred, what was verified during the investigation, and the security process improvements implemented to prevent similar incidents in the future.
Key quotes
· 3 pulledAs part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public
This document summarizes the September 2025 AWS root-access event, what occurred, what we verified, and the actions we've taken to strengthen our security processes
On September 30th, a blog post raised concerns that a former maintainer continued to have access to the RubyGems.org production environment after administrative access was removed from several accounts earlier that month
As part of standard incident-response practice, Ruby Central is publishing the following post-incident review to the public. This document summarizes the September 2025 AWS root-access event, what occurred, what we verified, and the actions we’ve taken t
