CircleCI confirms customer data was stolen in malware-powered hack

By Krishna Rao On Jan 17, 2023

TEMU Affiliate Program 2024: Earn Up to £100,000 a month!

Mar 28, 2024

How is eBPF Revolutionizing Kubernetes Scaling

Jan 20, 2024

CircleCi has confirmed that a recent security incident it has been investigating was malware-powered grand theft data.

The company revealed the news in a blog post (opens in new tab) that described what recently happened, what it did to minimize the damage, and how it plans on keeping its users safe in the future.

In the blog, it was said that an employee with high privileges has had their laptop infected with token-stealing malware which gave the attackers keys to the kingdom.

Stealing data for weeks

The malware apparently managed to run on the endpoint despite the device having an antivirus program installed. The attackers used the tool to grab session tokens which kept the employee logged in to some applications.

When a user logs into an app, even if they did so with a password and a multi-factor authentication (MFA) tool, some apps drop session tokens which allow the users to remain logged into the app for prolonged periods of time. In other words, by stealing session tokens, the attackers effectively bypassed any MFA the company had set up.

After that, it was only a question of accessing the right production systems in order to compromise sensitive data.

“Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys,” the blog notes.

The threat actors lingered around CircleCI’s infrastructure for roughly three weeks – from December 16, 2022, to January 4, 2023.

Even the fact that the stolen data was encrypted didn’t help much, as the attackers obtained encryption keys, too.

“We encourage customers who have yet to take action to do so in order to prevent unauthorized access to third-party systems and stores,” the blog concluded.

CircleCi had asked its customers to rotate any and all secrets stored in its systems. “These may be stored in project environment variables or in contexts”.

Via: TechCrunch (opens in new tab)

Read original article here

Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.