5 January 2023

CircleCI discloses security breach, recommends users to rotate their CircleCI tokens


CircleCI, the company behind the eponymous continuous integration and continuous delivery (CI/CD) platform, is warning users that they should rotate all secrets stored in their CircleCI environments following a security breach.

In a short security advisory, the CI/CD provider said it is currently investigating a security incident, without sharing any details regarding the nature of the breach, or when and how it occurred.

The company also recommends that users review internal logs for unauthorized access via CircleCI integrations that may have taken place between December 21, 2022 and January 4, 2023.

“At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well,” the company said. “We will provide you updates about this incident, and our response, as they become available.”

In related news, business messaging app Slack disclosed a data breach where a threat actor got access to Slack’s private code repositories on GitHub using stolen employee tokens.

“On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase,” the company said.

Upon discovering the breach, the company invalidated the stolen tokens. Slack says that the intruder did not access other areas of its environment, including the production environment, and they did not access other Slack resources or customer data.
