CircleCI says hackers stole encryption keys and customers’ secrets

Pixelman

Pixelman

Level 4
Thread author
Well-known
Jun 7, 2022
149
Content source
https://techcrunch.com/2023/01/14/circleci-hackers-stole-customer-source-code/
CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month.

The company said in a detailed blog post on Friday that it identified the intruder’s initial point of access as an employee’s laptop that was compromised with malware, allowing the theft of session tokens used to keep the employee logged in to certain applications, even though their access was protected with two-factor authentication.

The company took the blame for the compromise, calling it a “systems failure,” adding that its antivirus software failed to detect the token-stealing malware on the employee’s laptop.
Click to expand...

techcrunch.com

CircleCI says hackers stole encryption keys and customers' secrets

In a post-mortem, CircleCi blamed malware stole an employee's session token allowing intruders to access customer data.
techcrunch.com techcrunch.com
 
  • Like
  • Thanks
Reactions: R2D2, Zero Knowledge, Stopspying and 3 others
Z

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
843
adding that its antivirus software failed to detect the token-stealing malware on the employee’s laptop.
Click to expand...
If they can intercept session tokens (cookies? YubiKey or hardware token? or 2FA codes or what?) they have the skill to avoid AV.

Sounds like a target OP by a nation state, or someone advanced.
 
  • Like
Reactions: Stopspying
You must log in or register to reply here.

Similar threads

Ink
    • Wow
    • +Reputation
    • Like
Cloud gaming firm, Shadow confirms customers' personal data was stolen
Replies
1
Views
1,272
News Archive
ForgottenSeer 103564
F
MuzzMelbourne
    • Wow
    • +Reputation
    • Like
LastPass says employee’s home computer was hacked and corporate vault taken
Replies
35
Views
2,256
News Archive
TairikuOkami
TairikuOkami
Stopspying
    • +Reputation
    • Like
GoTo says hackers stole customers' backups and encryption key
Replies
0
Views
454
News Archive
Stopspying
Stopspying

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top