We have become aware of a website impersonating the CircleCI brand, presumably for malicious purposes. Our Legal team is working with peer organizations to have the website taken down.
Please use caution when accessing websites purporting to be CircleCI. Authentic CircleCI websites will always use (or redirect to) circleci.com or a subdomain of circleci.com, such as app.circleci.com or support.circleci.com.
While we are not aware of any organizations that have been compromised by the operators of the fraudulent website, please exercise caution.
Here are some additional details based on questions we’ve received.
We are not aware of anyone compromised by the actors operating the website.
We do not currently have any non-public information about it, specific information about how it would be used as an attack vector or actual/potential indicators of compromise.
Our Legal team has reached out to try to get it taken down.
We would always advise users to be mindful of legitimate domain names. We intentionally did not broadcast the presumably malicious domain name in our communications. If this detail is needed for your company’s internal investigation, we would recommend the security contact email security@circleci.com.