The company strongly recommends that users rotate “any and all secrets” stored in CircleCI, including those stored in project environment variables or contexts. It also advises users to “review internal logs for any unauthorized access starting from Dec. 21, 2022, through Jan. 4, 2023.”