Circle C’s continuous integration and delivery service providers suspect an error in its systems and are urging its users to take action and protect their accounts while the matter is investigated further.
in the post (Opens in a new tab) In the company’s blog, CircleCi asked its customers to immediately take turns over any and all secrets stored in their systems. They can be stored in project environment variables or in contexts.
Furthermore, CircleCi recommends that its customers review the internal records of their systems, and search for any unauthorized access from December 21, 2022 through January 4, 2023, or until the moment all secrets have been traded. Finally, CircleCI said it had revoked all of its Project API tokens, forcing users to exchange them. More information on how to do this can be found at this link (Opens in a new tab).
Apology and no explanation
“We apologize for any disruption to your business,” the post notes. “We take the security of our systems and those of our customers very seriously. While we are actively investigating this incident, we are committed to sharing more details with customers in the coming days.”
The company hasn’t disclosed any additional details about the security incident it’s currently investigating, so we don’t know if any malware or viruses were deployed on its endpoints. (Opens in a new tab).
“At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain precautions to protect your data as well,” the post reads.
While details are scarce, BleepingComputer found a report by security engineer Daniel Hückmann, who said it detected one of the IP addresses associated with the attack (54.145.167.181). According to the publication, this is the kind of information that can help incident response teams during their investigations.
It said “Looking at cloudtrail logs for events from this IP”. “I expect there are other indicators, but this one is highly accurate.”