
Circle-CI analytics data breach - debrice
https://support.circleci.com/hc/en-us/articles/360034852194-Security-Incident-on-8-31-2019-Details-and-FAQs
======
siquick
Paste from the email

> We are writing to inform you of a recent security incident that affects your
> organization.

What happened:

On August 31st, the CircleCI team received an automated email from a third
party vendor notifying us that a database had been added as a destination for
CircleCI’s site analytics data. Our team had not added such a database, so
this notification was quickly followed up by an investigation, revealing that
site analytics data on this vendor account from the previous two months was
accessed by an unauthorized attacker. The compromised data includes
information such as usernames and email addresses associated with GitHub and
Bitbucket. The attacker did not access users’ passwords, auth tokens, source
code, or any other production data during the incident.

What we are doing to resolve the issue:

On August 31st, upon detecting the unauthorized access to our vendor account,
the compromised user account was immediately removed from the tool. Our
security team then reached out to the third-party vendor to collaborate
further on an investigation and disable the account used by the attacker.
CircleCI is continuing to collaborate with the third-party vendor on
remediation efforts and we have made it a top priority to prevent this type of
event from happening in the future.

What kind of user data was affected?

Based on what we have learned, some user data was exposed, including usernames
and email addresses associated with GitHub and Bitbucket, along with user IP
addresses and user agent strings. Additional information that was exposed in
the incident may include organization name, repository URLs and names, branch
names, and repository owners.

We can confirm that absolutely no CircleCI user secrets, build artifacts,
source code, or any other production data was accessed or exfiltrated during
this incident. We can also confirm that no credit card or financial
information was ever accessed by the attacker.

Our investigation has shown that the exfiltrated data is limited to site
analytics related to UI experiments and marketing campaigns - we have
confirmed that no data on the CircleCI platform, including data used for
authentication with CircleCI such as auth tokens or password hashes was
compromised.

Where to learn more:

We will update this incident FAQ page with more information as we continue our
investigation into this incident.

We take security incredibly seriously at CircleCI. While perfect security is
an impossible goal, we promise to do better. We sincerely apologize for this
incident, and any distress it may cause you or your team. We plan to use this
incident to improve our security and audit standards moving forward, and we
hope to earn your continued trust and support.

-The CircleCI Security Team

