Categories: Tech NewsTechCrunch+

CircleCI warns customers to rotate ‘any and all secrets’ after hack

CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company’s systems.

The San Francisco-headquartered DevOps company said in an advisory published late Wednesday it is currently investigating the security incident — its most recent in recent years.

“We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing,” CircleCI CTO Rob Zuber. “At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well.”

CircleCI, which claims its technology is used by more than a million software engineers, is advising users to rotate “any and all secrets” stored in CircleCI, including those stored in project environment variables or in contexts. Secrets are passwords or private keys that are used to connect and authenticate servers together.

For projects using API tokens, CircleCI said it has invalidated these tokens and users will be required to replace them.

CircleCI, which in 2021 announced a $100M Series F at a $1.7B valuation, hasn’t shared any more information about the nature of the incident and has yet to respond to TechCrunch’s questions.

However, the company is also advising users to audit their internal logs for unauthorized access occurring between December 21, 2022 and January 4, 2023, which suggests the company’s breach began some two weeks earlier. The company on December 21 also announced that it had released reliability updates to the service to resolve underlying “systemic issues.

In 2019, CircleCI was hit by a data breach after a third-party vendor was compromised. This saw hackers compromise user data including usernames and email addresses, usernames and email addresses associated with GitHub and Bitbucket, along with user IP addresses.

In November, CircleCI said that it had also witnessed an increasing number of phishing attempts whereby unauthorized actors were impersonating CircleCI to gain access to users’ code repositories on GitHub.

CircleCI warns customers to rotate ‘any and all secrets’ after hack by Carly Page originally published on TechCrunch

Recent Posts

Unlocking the Secrets of JSON.stringify(): More Than Meets the Eye

JSON (JavaScript Object Notation) is a lightweight data-interchange format widely used in web development. At…

2 months ago

How to Handle AJAX GET/POST Requests in WordPress

AJAX (Asynchronous JavaScript and XML) is a powerful technique used in modern web development that…

3 months ago

Page Speed Optimization: Post-Optimization Dos and Don’ts

Introduction After successfully optimizing your website for speed, it's essential to maintain and build upon…

3 months ago

Ultimate Guide to Securing WordPress Folders: Protect Your Site from Unauthorized Access

Securing your WordPress folders is crucial to safeguarding your website from unauthorized access and potential…

4 months ago

HTML CSS PHP File Upload With Circle Progress Bar

Creating a file upload feature with a circular progress bar involves multiple steps. You'll need…

5 months ago

Using WP Rocket with AWS CloudFront CDN

Integrating WP Rocket with AWS CloudFront CDN helps to optimize and deliver your website content…

5 months ago