SecurityWeek

CircleCI Customer Data Exposed Through Third-Party Vendor

CircleCI, a San Francisco-based company that specializes in continuous integration and delivery solutions, on Thursday informed customers that some of their information may have been exposed through a third-party analytics vendor.

The DevOps firm said it became aware on August 31 that an attacker had gained access to some user data in its vendor account. An investigation is ongoing, but so far it appears that the incident impacts customers who accessed the CircleCI platform between June 30, 2019, and August 31, 2019.

“On August 31st at 2:32 p.m. UTC, a CircleCI team member saw an email notification from one of our third-party analytics vendors and suspected that unusual activity was taking place in this particular vendor account. The employee immediately forwarded the email to our security and engineering teams, at which point a comprehensive investigation was launched and steps were taken to ensure the situation was contained,” the company told customers.

The exposed data includes usernames and email addresses associated with Bitbucket and GitHub, user IP addresses, and user agent strings. Organization names, repository names and URLs, branch names, and repo owners may have also been exposed, CircleCI said.

However, the company claims the attacker did not gain access to any user secrets, build logs or artifacts, source code, or any other production data. Passwords, authentication tokens and financial information should also be safe.

CircleCI says the incident is unlikely to result in identity theft and assured customers that their builds and source code are not at risk. Customers have been told that they should be able to access and use the CircleCI platform without any problems, and they do not need to change passwords or revoke authentication tokens.

However, customers have been advised to review the exposed data as it might include sensitive business information. There is also a chance that malicious actors could leverage the compromised email addresses and related metadata for targeted phishing attacks, CircleCI warned.

“We’re continuing to collaborate with the third-party vendor to identify the exact vulnerability that caused the incident. In the meantime, we will review our policies for enforcing 2FA on third-party accounts to the extent possible, and continue our transition to single sign-on (SSO) for all of our integrations,” the company said.

SecurityWeek has reached out to CircleCI to find out how many of its customers were affected by the incident. This article will be updated if the company responds.

CircleCI’s website says the company runs over 30 million builds every month on Linux, Windows and macOS. It claims to have thousands of customers, including Samsung, Ford, Facebook, GoPro, Kickstarter, Lyft, and Spotify. The company has raised over $115 million to date.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
