Tag Archive for: worsen

First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen)



In the past 24 hours, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though given the companies’ opaque wording—“security issue” and “security incident,” respectively—you’d be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. On Wednesday evening, the company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organizations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.

A lack of transparency

CircleCI is still tight-lipped about precisely what happened. Its advisory never used the words “breach,” “compromise,” or “intrusion,” but that’s almost certainly what happened. Exhibit A is the statement: “At this point, we are confident that there are no unauthorized actors active in our systems,” suggesting that network intruders were active earlier. Exhibit B: the advice that customers check internal logs for unauthorized access between December 21 and January 4.

Taking the statements together, it’s not a stretch to suspect threat actors were active inside CircleCI’s systems for two weeks. That’s plenty of time to collect an unimaginable amount of some of the…


As Ransomware Attacks Worsen, Actifio Helping Immunize Organizations From ‘The Most Likely Disaster Recovery Event in 2020’



Government spying tools will worsen Internet security: experts – Reuters


SAN FRANCISCO (Reuters) – Electronic spying tools used by the U.S. government could end up in the hands of organized criminals and hackers, further eroding Internet security, warned industry leaders who called for new restrictions and oversight of 