Sign up to save your podcasts
Or
Share CircleCI CTO on How to Quickly Recover From a Malicious Hack
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CircleCI CTO on How to Quickly Recover From a Malicious Hack
Just as everyone was heading out to the New Year's holidays last year, CTO Rob Zuber got a surprise of a most unwelcome sort. A customer alerted CircleCI to suspicious GitHub OAuth activity. Although the scope of the attack appeared limited, there was still no telling if other customers of the DevOps-friendly continuous integration and continuous delivery platform were impacted.
This notification kicked off a deeper review by CircleCI’s security team with GitHub, and they rotated all GitHub OAuth tokens on behalf of their customers. On January 4, the company also made the difficult but necessary decision to alert customers of this “security instance,” asking them to immediately rotate any and all stored secrets and review internal logs for any unauthorized access.
In this latest episode of The New Stack Makers podcast, we discuss with Zuber the attack and how CircleCI responded. We also talk about what other companies should do to avoid the same situation, and what to do should it happen again.
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By The New Stack
4.3
3131 ratings
Just as everyone was heading out to the New Year's holidays last year, CTO Rob Zuber got a surprise of a most unwelcome sort. A customer alerted CircleCI to suspicious GitHub OAuth activity. Although the scope of the attack appeared limited, there was still no telling if other customers of the DevOps-friendly continuous integration and continuous delivery platform were impacted.
This notification kicked off a deeper review by CircleCI’s security team with GitHub, and they rotated all GitHub OAuth tokens on behalf of their customers. On January 4, the company also made the difficult but necessary decision to alert customers of this “security instance,” asking them to immediately rotate any and all stored secrets and review internal logs for any unauthorized access.
In this latest episode of The New Stack Makers podcast, we discuss with Zuber the attack and how CircleCI responded. We also talk about what other companies should do to avoid the same situation, and what to do should it happen again.
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like The New Stack Podcast
View all
The New Stack Analysts
9 Listeners
The New Stack @ Scale
3 Listeners
The Changelog: Software Development, Open Source
289 Listeners
The a16z Show
1,089 Listeners
Software Engineering Daily
625 Listeners
Thoughtworks Technology Podcast
43 Listeners
The New Stack Context
4 Listeners
Y Combinator Startup Podcast
226 Listeners
Syntax - Tasty Web Development Treats
988 Listeners
CoRecursive: Coding Stories
190 Listeners
Practical AI
211 Listeners
AWS Podcast
203 Listeners
The Stack Overflow Podcast
63 Listeners
Dwarkesh Podcast
511 Listeners
Big Technology Podcast
494 Listeners
AI and I
33 Listeners
BG2Pod with Brad Gerstner and Bill Gurley
467 Listeners
AI + a16z
35 Listeners