CircleCI recently announced that they are investigating a security incident. While they haven’t yet provided any details of the incident or their responses, they have requested two immediate actions to be taken by their customers. The first is to rotate any and all secrets that are stored in CircleCI. This also includes any stored in project environment variables or in contexts. The second is for customers to review the internal logs for their systems for any unauthorised access starting from December 21 2022.
https://circleci.com/blog/january-4-2023-security-alert/
This segment was created for the It’s 5:05 podcast