CirclCI Data Breach Exposed Customer GitHub And Bitbucket Logins
By   ISBuzz Team
Writer , Information Security Buzz | Sep 10, 2019 06:14 am PST

According to this link, https://www.scmagazineuk.com/circlci-data-breach-exposed-customer-github-bitbucket-logins/article/1595997, CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts.

  • The information compromised included usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings
  • Additionally, organisation name, repository URLs and names, branch names, and repository owners may have been accessed
  • The breach affected customers who accessed the CircleCI platform starting June 30, 2019
Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
September 10, 2019 2:16 pm

Third party vendors are a type of insider threat that some organisations never consider. Supply chains, partner networks and contractors are important elements of growing a business. But as third-party access becomes more prolific, it becomes increasingly difficult to control which vendors have access to sensitive information.

In a poll we contacted at Black Hat USA 2019, 76% of IT security professionals said they have tightened up their third party defences. Securing third party access is one of the best ways to protect against intentional or accidental data breaches so it’s great to see that so many organisations are taking the issue seriously.

Last edited 4 years ago by Saryu Nayyar
0
Reply

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

 

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts

1
0
Would love your thoughts, please comment.x
()
x