Last night we were alerted to an incident that occurred over May 18th-22nd (UTC), where an attacker managed to access a small number of Buildkite user accounts using email/password lists from publicly available data breach dumps. This attack is known as a "credential stuffing" attack and relies on the fact that users will often use the same email and password across services and forget to change it.
We've reached out to admins of the few affected organizations, and are assisting them to determine the impact. If we haven't emailed you, your account hasn't been affected.
In response to this attack, we're rolling out changes to our authentication and login systems to prevent this type of attack being possible, and will continue to monitor for any further suspicious activity. We'll update this incident as we go.
As always, we're available for questions and assistance at firstname.lastname@example.org