S-RM has validated our findings by checking access logs from March 1 to May 5 for unauthorized or suspicious behavior. We remain confident in our assessment that API keys were not used by an unauthorized party. This date range was chosen to provide significant historical data with which to validate expected behavior patterns and confirm there was no significant deviation from them.
Further, we have confirmed that most customer systems are protected by IP address restrictions in addition to API keys, and that there is no further action for customers once the key rotation is complete.
In terms of after-action findings, we have determined that our own use of Cloudflare Enterprise, which includes automatic bot detection and prevention, along with our other defense-in-depth security strategies, reduced the overall risk of this incident.
In terms of areas of improvement, OpenWater has also since implemented additional anti-phishing measures and additional security controls around developer code repositories.