CircelCI Security Alert
Incident Report for Snyk
Resolved
This incident has been resolved.
Posted Jan 23, 2023 - 20:37 UTC
Monitoring
A fix has been implemented and we are monitoring the results.
Posted Jan 10, 2023 - 21:51 UTC
Update
Yesterday (2023-01-05) Snyk was made aware of a potential security incident via a tool in our supply chain: https://circleci.com/blog/january-4-2023-security-alert/

Investigations have found no indication of unauthorised access to Snyk resources. As a precautionary measure, all secrets and tokens stored within Snyk’s CircleCI have been rotated.

We will continue to monitor the situation.
Posted Jan 06, 2023 - 17:18 UTC
Update
As of this morning (2023-01-05) Snyk was made aware of a potential security incident (https://circleci.com/blog/january-4-2023-security-alert/) with a tool in our supply chain.

At present we have no indication of any breach of Snyk data or credentials. We are continuing to actively investigate this report.
Posted Jan 05, 2023 - 10:48 UTC
Investigating
We are currently investigating this issue.
Posted Jan 05, 2023 - 10:46 UTC