Service Upgrade

Notice on Security Upgrade for Service Invocation by AccessKey

We have been committed to improving the security of our cloud services in order to assist you in better protection of your account and assets on Alibaba Cloud.

AccessKey is a credential used to verify your identity when you call the Alibaba Cloud API. AccessKey leakage may threaten the security of all resources under your account, causing generation of unexpected fees and even malicious extortion. In severe cases, it may even cause harm to Alibaba Cloud and other users. In order to prevent suspected leaked AccessKeys from causing a wider range of fraudulent use of identity credentials, Alibaba Cloud plans to upgrade its security strategy on the service invocation process. The details are as follows:

1. Alibaba Cloud will notify you when we notice from external sources that your AccessKeys have been made public. Meanwhile, to ensure the security of your business and data , Alibaba Cloud will prohibit such Accesskeys from calling certain functions of the Resource Access Management (RAM), including IMS service and RAM service, and restrict the creation and modification of user and role identities, AccessKeys, and permissions through such AccessKeys. Please check our email or message notifications in a timely manner and take necessary actions in accordance with your business needs. You should also keep close attention to the cloud resource changes under your account to avoid any impact on the normal operation of your businesses. We will implement the foregoing security measure from 9:00am (UTC+8) on April 18, 2024.

2. Alibaba Cloud may provide reasonable clues regarding the AccessKey that has been made public in our notification to you for your reference. After you have confirmed the completion of any necessary security measures from your side, we will cease the prohibition and restrictions over the AccessKey according to your instructions.

3.You understand and agree that Alibaba Cloud cannot keep track of the security of all your AccessKeys. The foregoing security measure does not change your responsibility to ensure the security of your AccessKeys. According to the shared responsibility model, the security responsibility on the cloud is shared between you and Alibaba Cloud. AccessKey is the access right credential created by you under your account for identity verification and please note that it is your responsibility to ensure the security of your AccessKeys.

If you have any questions, please contact us through ticketor service hotline.