[BreachExchange] CirclCI data breach exposed customer GitHub and Bitbucket logins

Destry Winant destry at riskbasedsecurity.com
Wed Sep 11 10:25:30 EDT 2019


The software integration firm CircleCI is informing its clients a
third-party analytics vendor suffered an incident exposing login
information for their GitHub and Bitbucket accounts.

The company said in a statement it was informed of the breach on
August 31, but affected customers who accessed the CircleCI platform
starting June 30, 2019. The information compromised included usernames
and email addresses associated with GitHub and Bitbucket and IP
addresses and user agent strings. Additionally, organization name,
repository URLs and names, branch names, and repository owners may
have been accessed.

Other information in CircleCI’s possession was not involved.

“No CircleCI user secrets, build artifacts, build logs, source code,
or any other production data was accessed or exfiltrated during this
incident. No data used for authentication with CircleCI, such as auth
tokens and password hashes, was accessed, nor was any credit card or
financial information.

Once informed by the third-party vendor that the account had been
breached CircleCI’s team disabled the account and removed the
unauthorized user account within 15 minutes.

To prevent a similar event from happening in the future CircleCI is
reviewing its policies for enforcing 2FA sign on for third-party
accounts and transition to single sign-on (SSO) for all of our

More information about the BreachExchange mailing list