Following a breach of the company's systems, CircleCI, whose development products are popular with software engineers, has advised customers to rotate their secrets. This is to prevent a repetition of this incident. 

There are more than one million engineers who use the CI/CD platform as they expect to achieve the "speed and reliability" of their builds by relying on the service. An alert is sent to users about the incident by CircleCI. Currently, CircleCI is investigating a security incident, as indicated by emails that users have received from CircleCI regarding this incident. 

 

To be on the safe side, users are advised to rotate all secrets stored in CircleCI until the company concludes its investigation. The CircleCI CTO, Rob Zuber, wrote in a succinct advisory published on Wednesday that they will provide you with updates as soon as they become available about this incident. 

It was found that CircleCI believes that there are no unauthorized actors active in their system at this point; however, in the spirit of being extra cautious, they would encourage all customers to take the necessary precautions to ensure that their data is protected. It is recommended that customers should rotate both the secrets that are stored in project environment variables and within context variables.

 

CircleCI has invalidated API tokens used in projects, and users will be required to replace these tokens before they can start using CircleCI. During the investigation, Daniel Hückmann, who is an experienced security engineer, reported the presence of one of the IP addresses associated with the attack (54.145.167.181). 

As a result of this information, incident responders may be able to increase their ability to investigate their environment in the future. Besides, the DevOps company recommends that users audit their logs for any signs of unauthorized access occurring between December 21st, 2022, and January 4th, 2023. The purpose of this is to prevent the same event from happening again. 

 

The wording of CircleCI's 'reliability update' seems to suggest that CircleCI was compromised on December 21st - the same day it published the "reliability update" underlining its commitment to improving its services and reaffirming its commitment to enhancing security. 

 

A series of similar updates, beginning with a reliability update released in April of 2022, preceded its said reliability update, with CircleCI admitting that its reliability was not up to the standards of its users. Zuber wrote in a report that CircleCI is an organization dedicated to managing change to enable software teams to innovate faster. But lately, they have learned that our reliability has not met our customers' expectations. 

 

Following another unavailability in September 2022 as a result of a "significant portion of a day," CircleCI issued another such update to address the issue. This was causing many teams to struggle with managing their workload as a result of the problem. 

In recent years, CircleCI has faced a series of security issues that threaten its operations. A data breach occurred in mid-2019 at CircleCI due to the compromise of a third-party vendor which resulted in the loss of confidential information. 

In response, the data of some GitHub and Bitbucket users which includes their login credentials and email addresses including their GitHub and Bitbucket accounts were compromised. Further, it gives access to their IP addresses, company names, repositories' URLs, etc. 

An investigation was conducted in 2022 in which threat actors were caught using fake CircleCI email notifications to steal GitHub accounts from users, as a result of these phishing attempts, CircleCI was reassured at the time of their being secure since the fraudulent attempts did not necessarily come from latest compromise. Despite this, threat actors have been known to target customers of affected companies with phishing scams by using email addresses obtained from an earlier breach (such as the one found in 2019). 

 

In regards to the security incident that CircleCI announced on Wednesday, the company sincerely apologizes to all those who may have faced inconvenience following this announcement. When the investigation is concluded, the company intends to share additional information about the incident in the upcoming days.