Credential stuffing attack
Incident Report for Buildkite
Resolved
We’ve seen no further suspicious activity, and have rolled out additional measures to prevent similar attacks in the future.

In light of the attack, we’re working on improvements to our documentation and platform to help you keep your Buildkite account secure. We’ll be posting these to the Buildkite Changelog as they’re released.

If you have any questions please contact support@buildkite.com
Posted 22 days ago. May 29, 2019 - 22:04 AEST
Update
We're continuing to monitor for further attacks, and have rolled out additional improvements to our authentication and monitoring systems.
Posted 24 days ago. May 27, 2019 - 21:16 AEST
Update
We are continuing to monitor for any further issues.
Posted 25 days ago. May 26, 2019 - 17:44 AEST
Monitoring
Last night we were alerted to an incident that occurred over May 18th-22nd (UTC), where an attacker managed to access a small number of Buildkite user accounts using email/password lists from publicly available data breach dumps. This attack is known as a "credential stuffing" attack and relies on the fact that users will often use the same email and password across services and forget to change it.

We've reached out to admins of the few affected organizations, and are assisting them to determine the impact. If we haven't emailed you, your account hasn't been affected.

In response to this attack, we're rolling out changes to our authentication and login systems to prevent this type of attack being possible, and will continue to monitor for any further suspicious activity. We'll update this incident as we go.

As always, we're available for questions and assistance at support@buildkite.com.
Posted 25 days ago. May 26, 2019 - 17:40 AEST
This incident affected: REST API.