With MongoHQ earlier this week admitting that it had been breached and its customer databases compromised, CircleCI is the latest company to step forward and reveal that it was one of those that was affected in turn.
On Tuesday, the company, which helps web developers deploy their code online, pulled its services offline after realising that MongoHQ had been breached. The previous day, it had noticed that one of its Amazon Web Services Identity and Access Management keys had been deleted, sparking the company into action.
Shortly after MongoHQ announced that it had been the victim of an attack, it notified CircleCI that its customer database was one of the few that had been accessed.
"To contain any potential risk, we determined that the best course of action was to shut down the CircleCI website and stop all builds. We also determined that it would be best to revoke all API tokens and SSH keys that we had access to, and work with upstream vendors to similarly protect users from possible exposure," CircleCI wrote in its incident response post.
In a similar fashion to what happened with Buffer, it began revoking all customer OAuth tokens associated with Heroku and GitHub, as these could no longer be trusted, as well as all SSH keys that were known.
CircleCI customers are not required to renew their OAuth tokens and replace their SSH keys, where affected. The company also advises customers to validate that their applications and code are unaltered, stating that it is possible that git repositories may have been written to and that Heroku environment variables and databases could have potentially been modified by an attacker.