Security News > 2023 > January > CircleCI Urges Customers to Rotate Secrets Following Security Incident

CircleCI Urges Customers to Rotate Secrets Following Security Incident
2023-01-05 09:12

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident.

"Immediately rotate any and all secrets stored in CircleCI," CircleCI's chief technology officer, Rob Zuber, said in a terse advisory.

CircleCI is also recommending users to review internal logs for signs of any unauthorized access starting from December 21, 2022, to January 4, 2023, or until when the secrets are rotated.

It's just not CircleCI, as Slack disclosed on December 31, 2022, that it became aware of a security issue that entailed unauthorized access to a subset of its source code repositories on GitHub.

"No downloaded repositories contained customer data, means to access customer data, or Slack's primary codebase," the Salesforce-owned company said.

"The threat actor did not access other areas of Slack's environment, including the production environment, and they did not access other Slack resources or customer data."


News URL

https://thehackernews.com/2023/01/circleci-urges-customers-to-rotate.html