Security Alert for customers using CircleCI with Pagely.
Incident Report for Pagely
Resolved
This security alert is now resolved, however we still urge customers to take precautions needed in the steps outlined within this alert. We've also provided the full incident report from CircleCI, which was posted on January 13th and that can be read on their blog:

https://circleci.com/blog/jan-4-2023-incident-report/
Posted Jan 21, 2023 - 00:45 UTC
Monitoring
CircleCI recently disclosed a security event on their blog: https://circleci.com/blog/january-4-2023-security-alert/

The nature of the disclosure relates to potential compromise of all secrets stored within a repository on the CircleCI platform.

While CircleCI has taken steps since the initial disclosure to automatically rotate what they can for you, there are certain things that rely on you to fully resolve the matter. We urge customers using CircleCI to take the following steps as soon as possible:

- Immediately rotate any and all secrets stored in CircleCI. There's a tool available to fetch all of your secrets from CircleCI. (https://github.com/CircleCI-Public/CircleCI-Env-Inspector)
- Delete and re-create any CI/CD Integrations or Webhook configurations in Atomic if they were used with CircleCI. Full documentation can be found here: https://support.pagely.com/hc/en-us/articles/360050828232-Automatically-Deploying-Your-WordPress-Site-with-CircleCI - after recreating your integrations, you will need to update the integration ID and secret within your pipeline configuration.
- If you are using SSH keys to perform any deployments, please regenerate those as well.

If you have any questions or concerns regarding this event, please do not hesitate to Contact Pagely Support: https://support.pagely.com/hc/en-us/articles/114094215332-Contacting-Support
Posted Jan 09, 2023 - 22:53 UTC
This incident affected: CI/CD Integrations.