Intercom OAuth Token
Service Name: Intercom
Service Description: Intercom is a customer messaging platform that allows businesses to communicate with prospective and existing customers within their app, on their website, through social media, or via email.
Service Address: https://www.intercom.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Intercom's security settings.
Secret Access Scope: Grants programmatic access to Intercom's API, allowing applications to access and manage conversations, contacts, and other Intercom resources.
Secret Revokement URL: https://app.intercom.com/a/apps/_/developer-hub/oauth
Secret Example: dG9rZW4tMTIzNDU2Nzg5MGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6
Suspicious Activity Investigation Instructions:
- Review the Intercom activity logs for unusual access patterns or actions.
- Check for unexpected API calls or data exports in your Intercom account.
- Monitor for unauthorized changes to conversations, contacts, or settings.
- Review the OAuth applications connected to your Intercom account.
- Check for any unusual geographic access locations or times.
Mitigation Instructions:
- Log in to your Intercom account and navigate to the Developer Hub.
- Go to the OAuth section and locate the compromised token.
-
Click on "Revoke" next to the OAuth token to immediately invalidate it.
-
Generate a new OAuth token if needed for legitimate applications.
- Review and update permissions for any remaining OAuth integrations.
- Enable additional security features like two-factor authentication for your
Intercom account.
- Consider implementing IP restrictions for API access if available.
- Update any application code that was using the compromised token.