Buried in the middle of the post is this most-important tidbit:
> Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data.
Unfortunately this was already a given since there were reports of users' secrets (canary tokens) being used. They got the secrets for sure. It just wasn't clear how many they got. It doesn't matter though, you have to assume if you use CircleCI then your secrets were stolen. If you haven't rotated them then likely the only reason you haven't been compromised yet is out of luck.
Oh yeah, 100%. Even if they said the keys were for sure not leaked, I still would have rotated. Second I saw the disclosure on Jan 4, we went into emergency mode. Definitely not leaving that to chance.
> Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data.