CircleCI advises customers to "rotate their secrets."
CircleCI warns of breach.
Continuous integration and continuous delivery platform CircleCI has disclosed a security incident that began on December 21st, BleepingComputer reports.
CircleCI customers should rotate their secrets.
The company hasn’t released many details about the incident, but customers are asked to “rotate any and all secrets stored in CircleCI” as soon as possible. CircleCI also says that it’s confident that the risk has been eliminated, and the company is working with third-party investigators to “validate the steps and actions of our investigation.”
CircleCI concluded, “While we are actively investigating this incident, we are committed to sharing more details with customers in the coming days.”
Industry comment.
Leonid Belkind, co-founder and CTO of Torq, stated, “It is absolutely critical that CircleCI users immediately rotate their secrets to mitigate the potentially damaging effects of this large-scale breach,” said Leonid Belkind, CTO and co-founder, Torq, a security automation vendor. “Doing so is critical for business continuity. Future breaches are inevitable in this volatile security environment. Our recommendation is that rotating secrets should be considered a key routine necessity, as opposed to an optional action going forward. Security automation is essential in ensuring rotating secrets happens on a cyclical basis, without creating additional burdens for security professionals.”