CircleCI Urges Customers to Rotate Secrets After Security Incident

CircleCI, an American-born software development service, has announced a security threat and is urging users to rotate their secrets as a result.

CircleCI Warns Users After Security Issue

American DevOps platform CircleCI has issued a warning to its users to rotate their secrets after experiencing a security incident. This CI/CD platform is popular with software teams, providing continuous integration and delivery for the quick creation of code. Over a million people and thousands of companies use this tool, though they are now being warned in the wake of this security incident.

In a CircleCI blog post, Chief Technology Officer Rob Zuber told users to “immediately rotate any and all secrets stored in CircleCI”, which “may be stored in project environment variables or in contexts.”

Circle also took to Twitter to warn customers of this issue.

Zuber wrote in the aforementioned blog post that customers should “review internal logs for their systems for any unauthorized access” starting from December 21, 2022, to January 4, 2023. Alternatively, users can review their internal logs after rotating their secrets. Additionally, Zuber mentioned that all Project API tokens have been invalidated, and therefore need to be replaced by users.
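
As an added illustration of the log review described above (not code from CircleCI or from the original article), the following filter flags log events inside the stated window that used a credential stored in CircleCI from an unexpected network. The JSON log format, key IDs, network ranges and the UTC, inclusive reading of the window are constructed assumptions.

```python
import json
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Review window stated in the advisory (assumed inclusive and in UTC).
WINDOW_START = datetime(2022, 12, 21, tzinfo=timezone.utc)
WINDOW_END = datetime(2023, 1, 4, 23, 59, 59, tzinfo=timezone.utc)

# Hypothetical inventory: IDs of credentials that were stored in CircleCI
# project environment variables or contexts.
CI_STORED_KEYS = {"key-deploy-01", "key-registry-02"}

# Hypothetical networks from which those credentials are expected to be used.
EXPECTED_NETS = [ip_network("198.51.100.0/24")]

# Constructed sample log (one JSON event per line, documentation IP ranges).
SAMPLE_LOG = """\
{"ts": "2022-12-20T09:00:00Z", "key_id": "key-deploy-01", "src_ip": "203.0.113.7", "action": "ListBuckets"}
{"ts": "2022-12-22T03:14:00Z", "key_id": "key-deploy-01", "src_ip": "203.0.113.7", "action": "GetObject"}
{"ts": "2022-12-23T10:00:00Z", "key_id": "key-deploy-01", "src_ip": "198.51.100.20", "action": "PutObject"}
{"ts": "2023-01-03T22:41:00Z", "key_id": "key-registry-02", "src_ip": "192.0.2.55", "action": "CreateToken"}
{"ts": "2023-01-04T12:00:00Z", "key_id": "key-human-09", "src_ip": "192.0.2.55", "action": "Login"}
not-json garbage line
"""

def suspicious_events(log_text):
    """Return (hits, unparsed): in-window uses of CI-stored keys from unexpected networks."""
    hits, unparsed = [], 0
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            src = ip_address(ev["src_ip"])
            key = ev["key_id"]
        except (ValueError, KeyError, TypeError):
            unparsed += 1  # count unreadable lines: gaps in coverage matter in a review
            continue
        if not (WINDOW_START <= ts <= WINDOW_END):
            continue
        if key in CI_STORED_KEYS and not any(src in net for net in EXPECTED_NETS):
            hits.append(ev)
    return hits, unparsed

if __name__ == "__main__":
    found, skipped = suspicious_events(SAMPLE_LOG)
    for ev in found:
        print(ev["ts"], ev["key_id"], ev["src_ip"], ev["action"])
    print(f"{skipped} line(s) could not be parsed")
```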

CircleCI Has Not Provided Details on the Security Incident

While CircleCI has notified users of a security issue and has offered advice for protecting data, no information has yet been released on the nature of the problem. However, it seems that CircleCI intends to provide more details on the incident in the near future (as stated by Rob Zuber in his blog post on the matter).

This Isn’t the First CircleCI Security Incident

Though we don’t know the specifics of the security incident discussed here, we do know that CircleCI has dealt with breaches before.

In 2019, the company suffered a breach through the infiltration of a third-party analytics vendor. The attack operator managed to get a hold of usernames, email addresses, branch names, repository URLs, and IP addresses. At the time, the company warned users to review both their repository and branch names.

Take Action If You’re a CircleCI User

If you happen to use CircleCI, it’s worth considering the advice provided by the company after this security issue. Rotating your secrets and reviewing internal logs may help you to protect yourself against this possible security threat.
