CircleCI suffered data breach involving third-party analytics vendor


Users who accessed the CircleCI platform between June 30, 2019, and August 31, 2019, are impacted by this incident.
The compromised user data includes usernames and email addresses associated with GitHub and Bitbucket, along with user IP addresses and user-agent strings.

What’s the matter?


CircleCI suffered a data breach that compromised user data after an attacker gained unauthorized access to one of its third-party vendor accounts. Users who accessed the CircleCI platform between June 30, 2019, and August 31, 2019, are impacted by this incident.


What happened?


On August 31, 2019, a CircleCI team member noticed an email notification from one of their third-party analytics vendors and suspected that unusual activity was taking place in that vendor account. The employee immediately forwarded the email to the CircleCI security team and launched an investigation into the incident.


What data was involved?


The compromised user data includes usernames and email addresses associated with GitHub and Bitbucket, along with user IP addresses and user-agent strings.
The other exposed information includes organization names, repository URLs, branch names, and repository owners.
However, no CircleCI user secrets, auth tokens, password hashes, build artifacts, build logs, source code, Social Security numbers or credit card information were involved in the incident.

“Because the attacker was not able to access any production data or any data related to authentication on CircleCI, your team should be able to continue to access and use our platform as usual. Affected users do not need to update passwords or invalidate auth tokens due to this incident as these were not compromised,” CircleCI said in a security notice.


What actions are being taken?


Upon detecting the unusual activity in the vendor ..
