CircleCI partners with AWS to identify and revoke keys affected by a security incident
According to CircleCI’s CTO, Rob Zuber, CircleCI is working with Amazon Web Services to notify customers who have AWS tokens that may have been impacted by the Jan. 4 security incident.
According to the blog post, AWS began sending updates to customers with lists of tokens that may have been impacted. CircleCI stated that it wishes to assist in identifying and revoking any keys that may have been affected by the security incident.
In addition to sharing tools to assist teams in tracking down all potentially impacted secrets, CircleCI announced that it is collaborating with AWS to notify those who may have had their tokens compromised. CircleCI stated that the company proactively rotated GitHub and Bitbucket OAuth tokens as well.
CircleCI also warned customers about a credential harvesting scam that was circulating, which attempted to trick victims into entering their GitHub logins via a bogus Terms of Service update. CircleCI stated that the AWS alert is related to the original Jan. 4 incident and that no new information has been discovered. The company issued a tweet to reassure customers that the information was not indicative of any other threat.
CircleCI announced earlier this week that on Jan. 17, it would send customers an incident report with additional information about the original security incident. Zuber, the CTO, had originally advised customers to rotate their secrets last week, citing a security incident, but that original post did not go into detail about what occurred.
Customers were advised to not only rotate secrets, but also to review internal logs for any unauthorized access dating back to December 21. Zuber updated customers on the company’s reliability issues from the previous year, but officials said the security incident is unrelated to those issues. According to the company, any connection between the dates is purely coincidental.
The goal of CircleCI’s collaboration with AWS, according to the company, is to help customers easily identify and revoke or rotate any potentially affected keys. They also stressed that “[a]t this time, there is no indication that your AWS account was accessed, only that there is a possibility the token stored in CircleCI was leaked, and therefore should be deleted from AWS and rotated.”
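The review the advisory asks for, as an added example that is not CircleCI's or AWS's own tooling: take the list of access key IDs reported as possibly leaked, scan CloudTrail-style events from Dec. 21 onward, and flag any use of those keys from an address outside the CI platform's known egress set. The key IDs, IP addresses and event records below are constructed, the year of the Dec. 21 window is assumed to be 2022, and only the few CloudTrail fields used here are modelled.

```python
import json
from datetime import datetime, timezone

# Start of the log review window named in the advisory (Dec. 21; year assumed 2022).
REVIEW_WINDOW_START = datetime(2022, 12, 21, tzinfo=timezone.utc)

# Constructed stand-in for the list of access key IDs AWS reported as possibly leaked.
POTENTIALLY_LEAKED_KEYS = {"AKIAEXAMPLE0000CIRCLE", "AKIAEXAMPLE0000STAGE1"}

# Constructed CloudTrail-style records (one JSON object per line; real exports carry many more fields).
SAMPLE_EVENTS = """
{"eventTime":"2022-12-20T09:00:00Z","eventName":"GetObject","sourceIPAddress":"203.0.113.10","userIdentity":{"accessKeyId":"AKIAEXAMPLE0000CIRCLE","arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2022-12-27T03:14:00Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAEXAMPLE0000CIRCLE","arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2023-01-03T22:41:00Z","eventName":"CreateAccessKey","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAEXAMPLE0000CIRCLE","arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2023-01-02T12:00:00Z","eventName":"PutObject","sourceIPAddress":"203.0.113.10","userIdentity":{"accessKeyId":"AKIAEXAMPLE0000OTHER","arn":"arn:aws:iam::111122223333:user/other"}}
"""

# Addresses the CI platform normally calls AWS from (constructed; use your own egress records).
KNOWN_CI_EGRESS = {"203.0.113.10"}

def triage_events(events_jsonl, leaked_keys, known_sources, window_start=REVIEW_WINDOW_START):
    """Return {access_key_id: [(time, event, source_ip), ...]} listing, for each notified key,
    its uses inside the review window from an address outside the known CI egress set.
    A notified key with no such use maps to an empty list."""
    findings = {key: [] for key in leaked_keys}
    for line in events_jsonl.strip().splitlines():
        ev = json.loads(line)
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key not in leaked_keys:
            continue  # not on the notified list; out of scope for this review
        when = datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00"))
        if when < window_start:
            continue  # before the window the advisory asks customers to review
        if ev["sourceIPAddress"] in known_sources:
            continue  # expected CI traffic: the key is still rotated, but this is not evidence of misuse
        findings[key].append((ev["eventTime"], ev["eventName"], ev["sourceIPAddress"]))
    return findings

def rotation_plan(findings):
    """Every notified key gets rotated; keys with unexplained use are escalated first."""
    return {key: ("escalate: rotate now and investigate" if events else "rotate as a precaution")
            for key, events in findings.items()}

if __name__ == "__main__":
    found = triage_events(SAMPLE_EVENTS, POTENTIALLY_LEAKED_KEYS, KNOWN_CI_EGRESS)
    for key, action in rotation_plan(found).items():
        print(key, "->", action)
        for event in found[key]:
            print("    ", *event)
```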
The sources for this piece include an article in SCMagazine.