Pete Wright
anyone using #circleci get any communications from staff regarding yesterdays security incident? i've only found a message board with no details, and tons of people asking for scope of what's going on. i'm personally taking an approach that everything is compromised - but hoping to gain some insight.

kinda shocked they'd come out with such a seemingly critical blog post that they got fully owned then have provided zero follow-up. it's not like they are an inexpensive service either.
Jan 5, 2023 at 6:02pmWeb
Show threadPete WrightJan 5, 2023
ok finally an update from #circleci

https://support.circleci.com/hc/en-us/articles/11816211460891
Show threadPete WrightJan 5, 2023
FAQ from #circleci is available:

https://discuss.circleci.com/t/faq-compilation-security-alert-rotate-any-secrets-stored-in-circleci/46559
[FAQ Compilation] Security Alert - Rotate any secrets stored in CircleCI

On January 4, 2023, we identified a security incident that requires users to rotate any secrets stored in CircleCI. You can find the original post here: [CircleCI Security Alert] Rotate any secrets stored in CircleCI This post is to serve as a compiled list of questions and answers from the original post for easier access. Please continue to ask questions there, and we will update this post regularly as questions are answered. In addition, you can view the Support Article for more information...

CircleCI Discuss
Show threadJean-Paul de JongJan 5, 2023
@pete_wright Thank you :) All done already throughout today, but sadly this update still does not contain a statement nor comment regarding ongoing threats to their platform. #circleci
Show threadPete WrightJan 5, 2023
@dejongj %100 agree. And I only was made aware of it from a posting on their message board - haven't heard any official comms via email or call yet.

So I'm taking any assurances about the scope of this i see on the message boards with a grain of salt - seems like it's all hands on deck situation where they don't even know the full extent yet.
Show threadJean-Paul de JongJan 5, 2023
@pete_wright No comms other than a generic email that everyone got and matches their block. Same here, taking the approach that everything is compromised, and on that bases applied a containment approach. The challenge is, is it safe to add the new credentials? Or do we have to do it again :(
Show threadPete WrightJan 5, 2023
@dejongj that's my concern as well. i'm also suspicious about the health of the platform since i haven't seeing anything in the UI indicating an ongoing security incident.