CircleCI says hackers stole encryption keys and customers’ secrets

Pixel_

CircleCI, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month.

The company said in a detailed blog post on Friday that it identified the intruder’s initial point of access as an employee’s laptop that was compromised with malware, allowing the theft of session tokens used to keep the employee logged in to certain applications, even though their access was protected with two-factor authentication.

The company took the blame for the compromise, calling it a “systems failure,” adding that its antivirus software failed to detect the token-stealing malware on the employee’s laptop.

 
“…adding that its antivirus software failed to detect the token-stealing malware on the employee’s laptop.”
If they can intercept session tokens (cookies? YubiKey or hardware token? or 2FA codes or what?) they have the skill to avoid AV.

Sounds like a targeted op by a nation state, or someone advanced.
 