CircleCI confirms customer data was stolen in malware-powered hack
A CircleCI employee with high privileges had their laptop compromised
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
CircleCi has confirmed that a recent security incident it has been investigating wasmalware-powered grand theft data.
The company revealed the news in ablog postthat described what recently happened, what it did to minimize the damage, and how it plans on keeping its users safe in the future.
In the blog, it was said that an employee with high privileges has had their laptop infected with token-stealing malware which gave the attackers keys to the kingdom.
Stealing data for weeks
The malware apparently managed to run on theendpointdespite the device having an antivirus program installed. The attackers used the tool to grab session tokens which kept the employee logged in to some applications.
When a user logs into an app, even if they did so with a password and a multi-factor authentication (MFA) tool, some apps drop session tokens which allow the users to remain logged into the app for prolonged periods of time. In other words, by stealing session tokens, the attackers effectively bypassed any MFA the company had set up.
After that, it was only a question of accessing the right production systems in order to compromise sensitive data.
“Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys,” the blog notes.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The threat actors lingered around CircleCI’s infrastructure for roughly three weeks - from December 16, 2022, to January 4, 2023.
CircleCI tells users to move their secrets following security alert>GitHub accounts are being stolen by fake CircleCI accounts>These are the best ID theft protection tools right now
Even the fact that the stolen data was encrypted didn’t help much, as the attackers obtained encryption keys, too.
“We encourage customers who have yet to take action to do so in order to prevent unauthorized access to third-party systems and stores,” the blog concluded.
CircleCi had asked its customers to rotate any and all secrets stored in its systems. “These may be stored in project environment variables or in contexts”.
Via:TechCrunch
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This dangerous new malware is hitting Windows devices by hiding in games
Windows PCs targeted by new malware hitting a vulnerable driver
How to watch Gold Rush season 15 online: live stream new episodes with a free trial
