Post-mortem and remediations for Apr 11 security incident

On April 11th we dealt with a major security incident impacting the infrastructure which runs the Matrix.org homeserver – specifically: removing an attacker who had gained superuser access to much of our production network. We provided updates at the time as events unfolded on April 11 and 12 via Twitter and our blog, but in this post weâll try to give a full analysis of what happened and, critically, what we have done to avoid this happening again in future.