A security incident at CircleCI may have resulted in attackers gaining access to customers’ code development environments, the company warns.
Late Wednesday, CircleCI issued a brief security bulletin, warning customers to “rotate any secrets stored in CircleCI,” while it continues to investigate an apparent intrusion and data breach.
In the alert, CircleCI CTO Rob Zuber says attackers may have breached its platform for a two-week period over the recent Christmas and New Year’s holidays.
CircleCI is a continuous integration and continuous delivery platform that can be used to build automated development and testing pipelines. The company says its platform is used by over 1 million developers, including those at such organizations as Airbnb, Google, Meta, Okta and Salesforce.
The company has not stated whether it believes attackers were able to access, alter or steal source code.
“Out of an abundance of caution, we strongly recommend that all customers take the following actions,” Zuber says.