Just got the following alert from them: CircleCI Security Alert - 4 Jan 2023 - Rotate any secrets stored in CircleCI.<p>We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing. We will provide you updates about this incident, and our response, as they become available. At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well.<p>Action request:<p>Out of an abundance of caution, we strongly recommend that all customers take the following actions:
Immediately rotate any and all secrets stored in CircleCI. These may be stored in project environment variables or in contexts.
Discussion:<p><pre><code> - Looks like we were compromised. We started investigating.
- I am sorry for you, I hope my data is secure.
- We can already confirm there is nobody in our systems.
- How the hell would you know that already?
- Also, make sure you reset all your keys and secrets.
- What? Why?
- ...abundance of caution!</code></pre>
Discussion and advice for rotating secrets: <a href="https://news.ycombinator.com/item?id=34255319" rel="nofollow">https://news.ycombinator.com/item?id=34255319</a>