We have investigated all available resources and found no trace of unauthorized access. Data that could have been acquired in the CircleCI incident cannot be used to access our systems or our customers' data.
Posted Jan 23, 2023 - 11:36 GMT
Update
In relation to this incident, we recommend that all users who created Clockwork API tokens recreate them as an extra precaution.
Posted Jan 16, 2023 - 15:17 GMT
Investigating
On January 4th, we were made aware that CircleCI, one of the services used in our deployment process, suffered from a security incident. (see more details here: https://circleci.com/blog/january-4-2023-security-alert/). We have immediately undertaken the recommended actions. All the credentials and security keys that could have been exposed in the incident were rotated to secure communications between our systems.
So far, our investigations lead us to believe that we have not been compromised. This inquiry is still ongoing.
Data safety and transparency are at the core of our values; we will continue to strive to improve our practices.
We will update this page as the situation evolves.
Our last Issue Checklist outage was not caused by unauthorized access of any kind. It was, however, related to our maintenance actions undertaken to make sure our systems are secure.
Posted Jan 10, 2023 - 20:23 GMT
This incident affected: Clockwork Automated Timesheets (Clockwork Pro and Free).