Attacker accessed user details via compromised third-party vendor account
Continuous integration platform CircleCI has issued a warning over a data breach that may have resulted in users’ email and IP addresses being exposed.
In a security alert posted on the San Francisco-based company’s website yesterday, CircleCI said it was alerted to a suspicious email from a third-party analytics vendor on August 31.
“Our security teams began disabling the improperly accessed account at 2:43 p.m. UTC, and completed the process by 3:00 p.m. UTC,” the DevOps platform said.
Following an investigation, CircleCI spokesperson Sara Read concluded that “some user data was exposed” via the third-party vendor’s account, including usernames and email addresses associated with users’ GitHub and Bitbucket accounts.
User IP addresses, user agent strings, organization name, and repository URLs may also have been exposed.
Users’ team builds, source code, and build artifacts are not at risk from the incident, Read said, adding that affected users do not need to update passwords or invalidate auth tokens, as these were not compromised either.
However, given that the data include email addresses and related metadata, CircleCI warned users to be wary of targeted phishing campaigns that use the compromised information to put together more convincing scams.
The Daily Swig has asked CircleCI for an update on the estimated number of impacted users.
Current indications suggest that the incident only affects customers who accessed the platform between June 30 and August 31, 2019.
Potentially impacted users are being notified via email.
“Our security team is taking steps to further enhance our security practices to protect our customers, and we are looking into engaging a third-party digital forensics firm to assist us in the investigation and further remediation efforts,” Read said.
“While the investigation is ongoing, we believe the attacker poses no further risk at this time.”