Today we published incident report for our security incident disclosed on January 4 on our blog here:
Details about the incident and action required:
At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect their data.
We will provide updates about this incident as soon as they become available.
Support article for more information on impact and steps to remedy:
I noticed that projects that don’t already use CircleCI (deleted .circleci/config.yml) still have environment variables. (This can be viewed by specifying the repository name directly in the URL https://app.circleci.com/settings/project/github///environment-variables).
Do I need to rotate credentials for such projects as well?