CircleCI Warns Customers To Rotate 'Any and All Secrets' After Hack

CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company's systems. From a report: The San Francisco-headquartered DevOps company said in an advisory published late Wednesday it is currently investigating the security incident -- its most recent in recent years. "We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing," CircleCI CTO Rob Zuber. "At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well." CircleCI, which claims its technology is used by more than a million software engineers, is advising users to rotate "any and all secrets" stored in CircleCI, including those stored in project environment variables or in contexts. Secrets are passwords or private keys that are used to connect and authenticate servers together. For projects using API tokens, CircleCI said it has invalidated these tokens and users will be required to replace them.

Read more of this story at Slashdot.

from Slashdot https://ift.tt/9GnCgVO

Share on FacebookPlus on Google+

SUBSCRIBE TO OUR NEWSLETTER