- CircleCI is a platform that helps developers release code quickly and automates builds. Recently, CircleCI found that there were security issues with their platform.
- CircleCI says it is confident that no unauthorized actors are currently active in its systems, but also recommends that all users rotate any secrets stored in it.
- The company apologizes to its users and plans to share more details in the coming days after completing the investigation.
CircleCI, the continuous integration and delivery platform that helps development teams release code rapidly and automate builds, is facing a security issue. CircleCI reports that it is confident there are no unauthorized actors active in its systems. It nevertheless recommends that all users rotate any and all secrets stored in it and review the internal logs for their systems for any unauthorized access between December 21, 2022 and January 4, 2023.
Rotate your secrets for your security
CircleCI was compromised on December 21st, which means its “reliability update” was released on the same day as the compromise.
CircleCI Security Alert [4 Jan. 2023]
We strongly recommend all CircleCI customers rotate secrets stored on our system. Read more: https://t.co/fiB4PSXbiH pic.twitter.com/cewxH1Dd8e
— CircleCI (@CircleCI) January 5, 2023
In 2022, we covered a GitHub-published advisory about a phishing campaign in which attackers sent emails to GitHub users impersonating the CircleCI platform.