CircleCI confirms customer data was stolen in malware-powered hack

CircleCi has confirmed that a recent security incident it has been investigating was malware -powered grand theft data. The company reveal...

CircleCi has confirmed that a recent security incident it has been investigating was malware-powered grand theft data.

The company revealed the news in a blog post that described what recently happened, what it did to minimize the damage, and how it plans on keeping its users safe in the future.

In the blog, it was said that an employee with high privileges has had their laptop infected with token-stealing malware which gave the attackers keys to the kingdom.

Stealing data for weeks

The malware apparently managed to run on the endpoint despite the device having an antivirus program installed. The attackers used the tool to grab session tokens which kept the employee logged in to some applications. 

When a user logs into an app, even if they did so with a password and a multi-factor authentication (MFA) tool, some apps drop session tokens which allow the users to remain logged into the app for prolonged periods of time. In other words, by stealing session tokens, the attackers effectively bypassed any MFA the company had set up. 

After that, it was only a question of accessing the right production systems in order to compromise sensitive data.

“Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys,” the blog notes. 

The threat actors lingered around CircleCI’s infrastructure for roughly three weeks - from December 16, 2022, to January 4, 2023.

Even the fact that the stolen data was encrypted didn’t help much, as the attackers obtained encryption keys, too. 

“We encourage customers who have yet to take action to do so in order to prevent unauthorized access to third-party systems and stores,” the blog concluded.

CircleCi had asked its customers to rotate any and all secrets stored in its systems. “These may be stored in project environment variables or in contexts”. 

Via: TechCrunch



from TechRadar - All the latest technology news https://ift.tt/FeXopih
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: CircleCI confirms customer data was stolen in malware-powered hack
CircleCI confirms customer data was stolen in malware-powered hack
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/01/circleci-confirms-customer-data-was.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/01/circleci-confirms-customer-data-was.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy