On Wednesday September 16, 2020, CloudBees was notified by GitHub of suspicious activities targeting certain CodeShip accounts connected to GitHub via the CodeShip GitHub app and now deprecated CodeShip OAuth tokens. If your GitHub credentials are impacted, you already received or will shortly receive a notification from GitHub informing you of this incident.
The activities point to tokens being used to access the “/user/repos” GitHub API endpoint, which is used to list users’ GitHub repositories, including private repositories. It is possible your repositories were cloned, so please contact GitHub support as soon as possible.
As the suspicious activities involve user tokens, as a first step in response we revoked all GitHub related tokens and SSH keys to keep all accounts protected. You need to reauthenticate CodeShip with GitHub immediately to avoid a service impact.
- If you use GitHub to sign in to CodeShip, sign out of all CodeShip sessions and sign back in.
- If you have GitHub projects setup on CodeShip, first remove and reinstall the CodeShip GitHub app.
- Next, generate a new SSH key for each CodeShip project. This will enable CodeShip to clone the repository for builds again.
We are continuing to investigate the underlying issue and will update our blog to provide more information as soon as we better understand any additional implications and potential root causes.