{"UUID":"27e719b1-66c9-413b-8531-61e33031adc0","URL":"http://circleci.com/blog/mongohq-security-incident-response/","ArchiveURL":"https://web.archive.org/web/20180121023549if_/http://circleci.com/blog/mongohq-security-incident-response/","Title":"MongoHQ security breach impacting CircleCI customer data","StartTime":"2013-10-27T23:00:00Z","EndTime":"2013-10-30T13:25:00Z","Categories":["automation","config-change","security"],"Keywords":["mongohq","security","breach","circleci","github","heroku","aws","tokens"],"Company":"CircleCI","Product":"MongoHQ","SourcePublishedAt":"2013-10-30T14:25:18-07:00","SourceFetchedAt":"2026-05-04T19:51:21.76026Z","Summary":"CircleCI's database provider, MongoHQ, was breached on October 27, 2013, and CircleCI's MongoDB was among the databases accessed; CircleCI was holding GitHub OAuth tokens, Heroku API tokens, AWS IAM keys, and SSH deploy/user keys for customers in that database. On notification, CircleCI shut down the site and all builds, then worked with GitHub, Heroku, and AWS to revoke every OAuth token, API token, IAM key, and SSH key it had handed out, and cycled all of its own keys and caches.","Description":"On October 29, 2013, CircleCI was notified by their database provider, MongoHQ, that their systems had been compromised. CircleCI later confirmed that their MongoDB instance was among those accessed by attackers. The unauthorized access to CircleCI's database occurred late at night UTC on October 27, 2013.\n\nThe breach of MongoHQ's systems led to the potential exposure of sensitive customer data stored in CircleCI's database. This included GitHub OAuth tokens, Heroku API tokens, AWS IAM keys, and SSH deploy/user keys. Although there was no immediate evidence of exploitation, CircleCI took immediate preventative measures to protect user data.\n\nCircleCI's response began on October 29th, starting with shutting down their website and all builds to contain potential risk. They initiated a process to revoke all accessible API tokens and SSH keys. This involved contacting GitHub, Heroku, and Amazon to revoke customer-related tokens and keys.\n\nBy October 30th, CircleCI had completed the revocation of GitHub OAuth tokens, SSH deploy/user keys, and Heroku API tokens. They also cycled all their own keys and deleted caches. Users were advised to secure their systems accessible by SSH keys or API tokens stored in CircleCI, and to validate their applications and code for alterations."}