According to this link, https://www.scmagazineuk.com/
- The information compromised included usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings
- Additionally, organisation name, repository URLs and names, branch names, and repository owners may have been accessed
- The breach affected customers who accessed the CircleCI platform starting June 30, 2019
Third party vendors are a type of insider threat that some organisations never consider. Supply chains, partner networks and contractors are important elements of growing a business. But as third-party access becomes more prolific, it becomes increasingly difficult to control which vendors have access to sensitive information.
In a poll we contacted at Black Hat USA 2019, 76% of IT security professionals said they have tightened up their third party defences. Securing third party access is one of the best ways to protect against intentional or accidental data breaches so it’s great to see that so many organisations are taking the issue seriously.