A CircleCI security incident urged customers to rotate secrets

January 6, 2023
CircleCI Security Breach Customer Data Unauthorized Access Software Development SaaS

The customers of the software development service, CircleCI, recently received an email alert from the company about a security incident that warned them to rotate any and all their secrets. A detailed update has yet to be released, but CircleCI assured its customers that an investigation is in progress.

Some preventive measures are advised for the affected customers, including immediately rotating their stored secrets in CircleCI and reviewing internal system logs for any suspicious unauthorised access from December 21 to January 4 or upon they complete their secrets’ rotation.

These safety precautions are recommended to be accomplished until the company verifies that no unauthorised actors are active in their systems.


CircleCI users must quickly take action regarding the security incident.


In the released email notification, CircleCI stated that the customers’ circles needed for rotation are those stored in contexts or as project environment variables. For projects that use API tokens, the software development service has already invalidated them for users’ immediate replacement.

In one of the conducted analyses, a researcher found an IP address linked with the CircleCI security incident, which is documented to be According to the researcher, this information could be helpful for the ongoing investigation.

On the other hand, separate security researchers found it odd that the same day (December 21, 2022) the company published a “reliability update”, which talked about their commitment to providing better service to customers, was the same day the security breach transpired.

CircleCI admitted that in their previous reliability updates, their services had not aligned with user expectations as several internal issues continued to arise.

One of the most crucial security incidents against the software development firm includes a data breach incident in 2019 that compromised numerous user data, such as usernames and email addresses linked to GitHub and BitBucket accounts.

Moreover, another security incident in 2022 occurred, involving hackers exfiltrating users’ GitHub accounts using fake CircleCi email alerts sent to targeted individuals.

CircleCI said to update users with developments about the latest security incident once they gathered enough information from the investigations. For now, users must comply with the recommended actions to protect themselves from potential cyberattacks.

About the author

Leave a Reply