[bamboozled]

On December 29, 2022, we were alerted to suspicious GitHub OAuth activity by one of our customers. This notification kicked off a deeper review by CircleCI’s security team with GitHub.

What kind of freaks me out about this is that a customer notified Circle? If that customer hadn't of mentioned anything, where would we be now?

I have to say, it's a pretty impressive hack. I wonder who or what was behind it?

Also wondering why / how the attacker didn't get access to the runners?