We’ve recently seen an increasing number of phishing attempts where unauthorized actors impersonate CircleCI to gain access to our users’ code repositories on GitHub. None of CircleCI’s systems have been compromised, and our customers’ data and information remain safe. The privacy and security of our customers’ data is paramount for CircleCI, and we want to remind you to stay vigilant and aware of attempts to gain access to code repositories.
Social engineering threats, like phishing scams, rely on sophisticated social engineering attacks or manipulation — not inherent vulnerabilities — to gain unauthorized access to systems and networks. To reiterate from our Discuss post, all authorized emails from CircleCI will only include links to circleci.com or its sub-domains, and we will never ask for users to log in to review updates to our Terms of Service.
We will continue to take steps to alert our community as we see future phishing attempts impersonating CircleCI. As these attempts arise, we alert our customers via in-app messaging, banner alerts, emails, our community forum, and our social media accounts. If you ever have questions about the validity of a message appearing to be from CircleCI, please do not hesitate to forward it to us for verification at firstname.lastname@example.org.
Thank you for your support and continued vigilance.