Intercom Access Token
Service Name: Intercom
Service Description: Intercom is a customer messaging platform that allows businesses to communicate with prospective and existing customers within their app, on their website, through social media, or via email.
Service Address: https://www.intercom.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Intercom's security settings.
Secret Access Scope: Grants programmatic access to Intercom's API, allowing management of conversations, contacts, and other customer communication features.
Secret Revokement URL: https://app.intercom.com/a/apps/_/developer-hub/app-packages
Secret Example: dG9rOjFhMmIzYzRkXzVlNmY3Zzho
Suspicious Activity Investigation Instructions:
- Review Intercom activity logs for unusual conversation access or customer data retrieval.
- Check for unexpected changes to automation rules or bot configurations.
- Monitor for unusual API call patterns or volume.
- Verify if there are new team members or integrations added to your Intercom account.
- Look for changes in conversation assignment rules or team settings.
Mitigation Instructions:
- Log in to your Intercom account and navigate to the Developer Hub.
- Locate the compromised API token in your app settings.
- Click "Revoke" or "Delete" to immediately invalidate the token.
- Generate a new token with appropriate permissions if needed.
- Review and update security settings, including IP restrictions if available.
- Audit all integrations and connected applications to ensure they're legitimate.
- Enable two-factor authentication for all team members with access to Intercom.