Waydev: The Financial and Reputational Costs of a Data Breach

Waydev data breach incident was a clear example example of cyber security being compromised

On the 3rd July, US-based Git Analytics Platform provider Waydev revealed to ZDNet that it had suffered from a data breach. CEO and co-founder Alex Cercei of the San Francisco-based tech firm revealed that hackers had gained access to its database and stole GitHub and GitLab OAuth tokens. The company previously reviewed it had over 300 clients.

This article aims to provide an in-depth analysis of this data breach episode:

– Overview of a data breach on organisations;
– The aftermath of Waydev’s cyber security breach;
What companies value when selecting cloud-based solution providers;
– The BlueOptima approach regarding cyber security.

Overview of Data Breaches on Organisations

The financial costs of a compromise in cyber security aren’t insignificant. 

IBM’s latest research shows that data breach costs an organization on average $3.86m and requires 280 days to contain. In the United States, the cost is $8.64m, a significant increase from $3.54m in 2006. 

To make matters worse, market researcher Vanson Bourne in 2019 estimated that 60% of companies had experienced a security breach in the past two years. However, 77% of firms remain unprepared for such an event.

According to Forbes, 4.1 billion records in the first six months of 2019 were exposed due to data breaches. Equally troubling is the disproportionately high percentage of data breach cases associated with human error. The UK’s Information Commissioner Office’s (ICO) analysis suggests human errors are behind 90% of data breaches. 

Evidently the scale, financial burden and reputational damage of a data breach are significant, irrespective of the size of a company. 

The Aftermath of Waydev’s Cyber Security Breach

Waydev was able to patch up this vulnerability on the day of the hack itself, which was relatively quick by industry standards. However, the damage had already been done because extensive quantities of source codes were stolen. The stolen OAuth tokens belonged to two companies, both of whom blamed Waydev for their security breaches. 

LA-based Fintech giant Dave revealed that details of around 7.5 million users were compromised after the hackers published stolen data on public platforms. However, they were quick to stress that users’ financial information wasn’t affected and no customers experienced financial loss.  

Software testing service company Flood.io was the other high-profile organisation involved but has yet to disclose details regarding the breach. 

In response, Waydev announced they are working with cyber-security firm Bit Sentinel to investigate the breach and deploy security measures to protect all Waydev accounts. Despite decisive action, the reputational damage for Waydev will remain considerable. 

What Companies Value When Selecting Cloud-Based Solution Providers

Waydev’s data breach does explain why organisations are cautious when considering cloud-based solution providers as part of their overall IT strategy. The Flexera 2019 State of the Cloud Report states businesses’ SaaS spending is projected to increase by 44% from 2019 onwards. However, despite this increase, 66% of IT professionals’ chief concern is security, when adopting cloud into IT strategies.

In response, Waydev has been taking additional IT cyber security measures in deploying additional cloud security protections such as:

  • Introducing manual access for account creations to have to go through Waydev’s security team
  • Monitoring all activity across accounts
  • Resetting OAuth tokens two times a day

The BlueOptima Approach Regarding Cyber Security

Taking the previously mentioned unfavourable industry statistics into consideration, SaaS providers need to be prepared for any compromise in cyber security. However, this episode also demonstrates the effectiveness of BlueOptima’s hybrid cloud architecture approach. 

Waydev’s OAuth token approach was exploited, resulting in a security breach and threat to their customers’ source codes. This is why BlueOptima’s founders adopted a hybrid approach when designing its cloud architecture.

BlueOptima provides a SaaS engineering analytics platform powered by objective software development metrics. The platform allows organisations to understand the intellectual effort software developers invest when making changes to code. 

Historical revisions are analysed to produce a benchmark of the work delivered by software developers called Coding Effort. This enables organisations to objectively understand work output and improve the productivity of their software developers.

BlueOptima’s cloud architecture was specifically designed to prevent cloud security & data breaches. But how? The reason lies with our product only parsing through clients’ metadata when analysing source code revisions: no data ever leaves our clients’ network. 

Moreover, our software development performance analytics platform is fully automated, therefore eliminating the administrative burden on development teams and also any potential situations associated with human error. 

Our thoughtful and robust approach is the reason why companies, ranging from SMEs to Fortune 500 companies, trust BlueOptima. We deliver in terms of quality and security. 


It’s no surprise that IT leaders carry out stringent security protocols when adopting cloud-based solutions into their IT infrastructure. Security is a major priority when assessing new technology, and episodes like Waydev’s security breach is a clear factor behind this reasoning.

According to a study by Stripe and Harris Poll, 66% of C-level executives feel that a security or data breach is the greatest impediment towards business success. Therefore when IT leaders select cloud-based technology, they need to ask if all the stringent rules and regulations have been covered regarding cloud security and data storage.

Organisations want to know their data is secure, and SaaS providers are legally obliged to deliver. BlueOptima’s hybrid-architectural design can truly deliver on this security requirement and enable companies to achieve their full engineering potential.