CircleCI Data Breach Exposed Customer GitHub And Bitbucket Logins

By ISBuzz Team
Writer, Information Security Buzz | Sep 10, 2019 06:14 am PST

According to this link, CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts.

  • The compromised information included usernames and email addresses associated with GitHub and Bitbucket, along with IP addresses and user agent strings.
  • Additionally, organisation names, repository URLs and names, branch names, and repository owners may have been accessed.
  • The breach affected customers who accessed the CircleCI platform starting June 30, 2019.

Saryu Nayyar, CEO
InfoSec Expert
September 10, 2019 2:16 pm

Third-party vendors are a type of insider threat that some organisations never consider. Supply chains, partner networks and contractors are important elements of growing a business. But as third-party access becomes more prolific, it becomes increasingly difficult to control which vendors have access to sensitive information.

In a poll we conducted at Black Hat USA 2019, 76% of IT security professionals said they have tightened up their third-party defences. Securing third-party access is one of the best ways to protect against intentional or accidental data breaches, so it’s great to see that so many organisations are taking the issue seriously.
