CirclCI Data Breach Exposed Customer GitHub And Bitbucket Logins

According to this link, https://www.scmagazineuk.com/circlci-data-breach-exposed-customer-github-bitbucket-logins/article/1595997, CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts.

  • The information compromised included usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings
  • Additionally, organisation name, repository URLs and names, branch names, and repository owners may have been accessed
  • The breach affected customers who accessed the CircleCI platform starting June 30, 2019

EXPERTS COMMENTS
Saryu Nayyar, CEO,  Gurucul
September 10, 2019
In a poll we contacted at Black Hat USA 2019, 76% of IT security professionals said they have tightened up their third party defences.
Third party vendors are a type of insider threat that some organisations never consider. Supply chains, partner networks and contractors are important elements of growing a business. But as third-party access becomes more prolific, it becomes increasingly difficult to control which vendors have access to sensitive information. In a poll we contacted at Black Hat USA 2019, 76% of IT security professionals said they have tightened up their third party defences. Securing third party access is one of the best ways to protect against intentional or accidental data breaches so it’s great to see that so many organisations are taking the issue seriously.

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :



Join the Conversation

Join the Conversation


In this article