Sign up to save your podcasts
Or
Share CircleCI CTO on How to Quickly Recover From a Malicious Hack
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CircleCI CTO on How to Quickly Recover From a Malicious Hack
Just as everyone was heading out to the New Year's holidays last year, CTO Rob Zuber got a surprise of a most unwelcome sort. A customer alerted CircleCI to suspicious GitHub OAuth activity. Although the scope of the attack appeared limited, there was still no telling if other customers of the DevOps-friendly continuous integration and continuous delivery platform were impacted.
This notification kicked off a deeper review by CircleCI’s security team with GitHub, and they rotated all GitHub OAuth tokens on behalf of their customers. On January 4, the company also made the difficult but necessary decision to alert customers of this “security instance,” asking them to immediately rotate any and all stored secrets and review internal logs for any unauthorized access.
In this latest episode of The New Stack Makers podcast, we discuss with Zuber the attack and how CircleCI responded. We also talk about what other companies should do to avoid the same situation, and what to do should it happen again.
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By The New Stack
4.3
3131 ratings
Just as everyone was heading out to the New Year's holidays last year, CTO Rob Zuber got a surprise of a most unwelcome sort. A customer alerted CircleCI to suspicious GitHub OAuth activity. Although the scope of the attack appeared limited, there was still no telling if other customers of the DevOps-friendly continuous integration and continuous delivery platform were impacted.
This notification kicked off a deeper review by CircleCI’s security team with GitHub, and they rotated all GitHub OAuth tokens on behalf of their customers. On January 4, the company also made the difficult but necessary decision to alert customers of this “security instance,” asking them to immediately rotate any and all stored secrets and review internal logs for any unauthorized access.
In this latest episode of The New Stack Makers podcast, we discuss with Zuber the attack and how CircleCI responded. We also talk about what other companies should do to avoid the same situation, and what to do should it happen again.
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like The New Stack Podcast
View all
Software Engineering Radio
273 Listeners
The Changelog: Software Development, Open Source
288 Listeners
The Cloudcast
155 Listeners
Thoughtworks Technology Podcast
42 Listeners
The New Stack Analysts
9 Listeners
Software Engineering Daily
624 Listeners
The New Stack @ Scale
3 Listeners
The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)
430 Listeners
The New Stack Context
4 Listeners
AWS Podcast
205 Listeners
Syntax - Tasty Web Development Treats
983 Listeners
CoRecursive: Coding Stories
188 Listeners
Kubernetes Podcast from Google
182 Listeners
Practical AI
208 Listeners
The Stack Overflow Podcast
62 Listeners
Oxide and Friends
59 Listeners
Latent Space: The AI Engineer Podcast
96 Listeners
The Pragmatic Engineer
62 Listeners