- Jun 7, 2022
CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month.
The company said in a detailed blog post on Friday that it identified the intruder’s initial point of access as an employee’s laptop that was compromised with malware, allowing the theft of session tokens used to keep the employee logged in to certain applications, even though their access was protected with two-factor authentication.
The company took the blame for the compromise, calling it a “systems failure,” adding that its antivirus software failed to detect the token-stealing malware on the employee’s laptop.
In a post-mortem, CircleCi blamed malware stole an employee's session token allowing intruders to access customer data.