Sign up to save your podcasts
Or
Share CircleCI CTO on How to Quickly Recover From a Malicious Hack
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CircleCI CTO on How to Quickly Recover From a Malicious Hack
Just as everyone was heading out to the New Year's holidays last year, CTO Rob Zuber got a surprise of a most unwelcome sort. A customer alerted CircleCI to suspicious GitHub OAuth activity. Although the scope of the attack appeared limited, there was still no telling if other customers of the DevOps-friendly continuous integration and continuous delivery platform were impacted.
This notification kicked off a deeper review by CircleCI’s security team with GitHub, and they rotated all GitHub OAuth tokens on behalf of their customers. On January 4, the company also made the difficult but necessary decision to alert customers of this “security instance,” asking them to immediately rotate any and all stored secrets and review internal logs for any unauthorized access.
In this latest episode of The New Stack Makers podcast, we discuss with Zuber the attack and how CircleCI responded. We also talk about what other companies should do to avoid the same situation, and what to do should it happen again.
View all episodes
By The New Stack
4.3
3131 ratings
Just as everyone was heading out to the New Year's holidays last year, CTO Rob Zuber got a surprise of a most unwelcome sort. A customer alerted CircleCI to suspicious GitHub OAuth activity. Although the scope of the attack appeared limited, there was still no telling if other customers of the DevOps-friendly continuous integration and continuous delivery platform were impacted.
This notification kicked off a deeper review by CircleCI’s security team with GitHub, and they rotated all GitHub OAuth tokens on behalf of their customers. On January 4, the company also made the difficult but necessary decision to alert customers of this “security instance,” asking them to immediately rotate any and all stored secrets and review internal logs for any unauthorized access.
In this latest episode of The New Stack Makers podcast, we discuss with Zuber the attack and how CircleCI responded. We also talk about what other companies should do to avoid the same situation, and what to do should it happen again.
More shows like The New Stack Podcast
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
265 Listeners
The Changelog: Software Development, Open Source
285 Listeners
The Cloudcast
153 Listeners
Thoughtworks Technology Podcast
40 Listeners
The New Stack Analysts
9 Listeners
Talk Python To Me
586 Listeners
Software Engineering Daily
629 Listeners
The New Stack @ Scale
3 Listeners
The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)
436 Listeners
The New Stack Context
4 Listeners
AWS Podcast
200 Listeners
Kubernetes Podcast from Google
180 Listeners
Practical AI
189 Listeners
The Stack Overflow Podcast
63 Listeners
Oxide and Friends
47 Listeners
Latent Space: The AI Engineer Podcast
63 Listeners
The Pragmatic Engineer
52 Listeners