Date: 2023-01-05

Continuous integration and delivery service provider CircleCI suspects foul play in its systems and is urging its users to take action and protect their accounts as it investigates further.

In a post on its company blog, CircleCI asked its customers to immediately rotate all secrets stored in its systems. “These can be stored in project environment variables or in contexts”.

In addition, CircleCI recommends that customers review their systems’ internal logs and look for unauthorized access from December 21, 2022 through January 4, 2023, or until all secrets have been rotated. Finally, CircleCI said it invalidated all Project API tokens, forcing users to replace them. More information on how to do this can be found at this link.

Apologies and no explanation

“We apologize for any disruption to your work,” the post notes. “We take the security of our systems and that of our customers very seriously. While we are actively investigating this incident, we are committed to sharing more details with customers in the coming days.”

The company has not disclosed additional details about the security incident it is currently investigating, so we don’t know if any malware or viruses were deployed on the endpoints.

“At this time, we are confident that there are no unauthorized actors operating in our systems, but as a precaution, we want to ensure that all customers take certain preventive measures to protect your data as well,” the message reads.

While details are scarce, BleepingComputer found a report from security engineer Daniel Hückmann, who said he saw one of the IP addresses associated with the attack (54.145.167.181). According to the publication, this is the kind of information that can help incident response teams in their investigations.

“Search cloudtrail logs for events from this IP address,” he said. “I expect there are other indicators, but this one is high fidelity.”
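
The log review described above can be scripted. The following is an added example, not code from CircleCI, BleepingComputer or Hückmann: it scans a CloudTrail log file for events from the reported IP address, flags whether each falls inside the December 21 to January 4 window, and groups the hits by access key so the affected credentials can be rotated. The sample records, access key IDs and the `198.51.100.7` address are constructed, and the function names are this example's own.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Indicator and review window as reported in the article.
SUSPECT_IP = "54.145.167.181"
WINDOW_START = datetime(2022, 12, 21, tzinfo=timezone.utc)
WINDOW_END = datetime(2023, 1, 5, tzinfo=timezone.utc)  # exclusive, so January 4 is covered

def _rec(time, ip, source, name, key, error=None):
    """Build one constructed record using real CloudTrail field names."""
    rec = {"eventTime": time, "sourceIPAddress": ip, "eventSource": source,
           "eventName": name, "userIdentity": {"type": "IAMUser", "accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in the CloudTrail log-file layout; keys and 198.51.100.7 are made up.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2022-12-20T09:00:00Z", "198.51.100.7", "s3.amazonaws.com", "ListBuckets", "AKIAEXAMPLEDEPLOY"),
    _rec("2022-12-27T03:14:09Z", SUSPECT_IP, "sts.amazonaws.com", "GetCallerIdentity", "AKIAEXAMPLEDEPLOY"),
    _rec("2022-12-27T03:15:40Z", SUSPECT_IP, "secretsmanager.amazonaws.com", "ListSecrets", "AKIAEXAMPLEDEPLOY", "AccessDenied"),
    _rec("2023-01-06T10:00:00Z", SUSPECT_IP, "s3.amazonaws.com", "ListBuckets", "AKIAEXAMPLEBUILD"),
]})

def find_hits(log_text, ip=SUSPECT_IP, start=WINDOW_START, end=WINDOW_END):
    """Return every event from `ip`, oldest first; in_window marks those inside [start, end)."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("sourceIPAddress") != ip:
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        hits.append({
            "time": when,
            "event": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "access_key": rec.get("userIdentity", {}).get("accessKeyId", "unknown"),
            "denied": "errorCode" in rec,
            # Late hits still matter: the exposure lasts until the secret is rotated.
            "in_window": start <= when < end,
        })
    return sorted(hits, key=lambda h: h["time"])

def keys_to_rotate(hits):
    """Group event names by access key so each credential used from the IP is rotated."""
    by_key = defaultdict(list)
    for h in hits:
        by_key[h["access_key"]].append(h["event"])
    return dict(by_key)

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit["time"].isoformat(), hit["event"], hit["access_key"], hit["in_window"])
```

Events from the address that fall after January 4 are kept rather than dropped, since the advisory's window extends until all secrets have been rotated.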