The software development service CircleCI suffered a data security incident, after which it urged users to rotate their secrets.
CircleCI invalidated the API tokens of projects that use them and asked users to replace them.
The breach compromised data such as usernames, passwords, email addresses, IP addresses, organizations, repositories, URLs, and other data associated with the users’ GitHub and Bitbucket accounts.
TPRM report: https://scoringcyber.rankiteo.com/company/circleci
"id": "cir2325123",
"linkid": "circleci",
"type": "Data Leak",
"date": "12/2022",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'CircleCI',
                        'type': 'Software Development Service'}],
 'data_breach': {'type_of_data_compromised': ['usernames',
                                              'passwords',
                                              'email addresses',
                                              'IP addresses',
                                              'organizations',
                                              'repositories',
                                              'URLs']},
 'description': 'The software development service CircleCI suffered a data '
                'security incident after which it urged users to rotate their '
                'secrets. CircleCI has invalidated API tokens for projects '
                'using API tokens, and asked the users to replace them. The '
                'breach compromised data such as usernames, passwords, email '
                'addresses, IP addresses, organizations, repositories, URLs, '
                'and others associated with the users’ GitHub and Bitbucket '
                'accounts.',
 'impact': {'data_compromised': ['usernames',
                                 'passwords',
                                 'email addresses',
                                 'IP addresses',
                                 'organizations',
                                 'repositories',
                                 'URLs',
                                 'others associated with the users’ GitHub and '
                                 'Bitbucket accounts']},
 'response': {'communication_strategy': ['Urged users to rotate their secrets'],
              'containment_measures': ['Invalidated API tokens for projects '
                                       'using API tokens'],
              'remediation_measures': ['Asked users to replace their API '
                                       'tokens']},
 'title': 'CircleCI Data Security Incident',
 'type': 'Data Breach'}