from here

@here infosec has authorized us to share this about the CI issues (This may be shared internally to Red Hat. Please do not share externally to Red Hat.):
On April 8th 2024, Information Security was alerted to an external actor successfully authenticating to a large number of AWS API keys in a very quick succession. Our team immediately moved to determine whether or not this action originated with a Red Hatter or an external party and determined the source to be external to Red Hat.
During the investigation, it was discovered that the credentials which caused the alerts were part of a much larger leak due to an exposed etcd backup containing credentials populated from Openshift CI's Vault. As many of you are already aware, we have blocked access to all AWS credentials known to be in the leak, which is preventing CI jobs from running. This was done to prevent users from exposing new secrets while we were determining the source of the leaks and putting safeguards in place.
At this time, affected teams must rotate ALL SECRETS stored in the OpenShift CI Vault. Many of these secrets are known to have been viewed and downloaded by a threat actor outside of Red Hat and are compromised.
For more information on secret management in Vault, please review https://docs.ci.openshift.org/docs/how-tos/adding-a-new-secret-to-ci/ or contact the OpenShift CI (DPTP) team.
Once you have done this, please fill out the following form to indicate that it has been completed:
https://docs.google.com/forms/d/e/1FAIpQLSfQQcBDOfqy12hUIF7hgLyKcg5XPEF9nbAnN4_ld8tp5jU-FA/viewform?usp=pp_url
IMPORTANT: To ensure that each team has rotated the exposed secrets, completing this form is REQUIRED before your CI access can be unrestricted.
Thank you for your swift action.