Pakistan Tech News

Weekly Must-ReadsView All
Popular Topics
Trending NowView All

CircleCI confirms that customer data was stolen in a malware-assisted hack

2 minute read
CircleCI confirms that customer data was stolen in a malware-assisted hack
Total
0
Shares
0
0
0

CircleCi confirmed that the latest security incident it was investigating was a massive data theft supported by malware.

The company revealed the news in a blog post that described what happened recently, what it did to minimize the damage, and how it plans to keep its users safe in the future.

It was said in the blog that a highly privileged employee had his laptop infected with token-stealing malware that gave attackers keys to the kingdom.

Weeks of data theft

It appears that the malware was able to run on the endpoint even though antivirus software was installed on the device. The attackers used the tool to obtain session tokens that kept an employee logged into some applications.

When a user signs into an application, even if they do so with a password and a multi-factor authenticator (MFA), some applications drop session tokens that allow users to remain signed into the application for extended periods of time. In other words, by stealing the session tokens, the attackers effectively bypassed any MFA that the company had created.

Then, it was just a matter of getting into the right production systems in order to put sensitive data at risk.

“Because the target employee had privileges to create production access tokens as part of the employee’s normal duties, the unauthorized third party was able to access and pull data from a subset of databases and stores, including client environment variables, tokens, and keys,” the blog notes.

These threat actors have been around CircleCI’s infrastructure for about three weeks – from December 16, 2022 to January 4, 2023.

Read more

> CircleCI tells users to transfer their secrets after a security alert

> GitHub accounts are being hijacked by fake CircleCI accounts

> These are the best identity theft protection tools out there right now

Even the fact that the stolen data was encrypted didn’t help much, as the attackers got hold of the encryption keys, too.

“We encourage customers who have not yet taken action to do so in order to prevent unauthorized access to third party systems and stores,” the blog concluded.

CircleCi asked its customers to take turns over any and all secrets stored in their systems. They can be stored in project environment variables or in contexts.

  • Check out the best firewalls today

Via: TechCrunch

Total
0
Shares
Share 0
Tweet 0
Pin it 0
Leave a Reply

Your email address will not be published. Required fields are marked *

Prev
Google’s next 4K Chromecast remote will say goodbye to batteries
Google's next 4K Chromecast remote will say goodbye to batteries

Google’s next 4K Chromecast remote will say goodbye to batteries

Google looks to have plans to change the worst thing about TV remotes and the

Next
Russian hackers are trying to get the worst out of ChatGPT
Russian hackers are trying to get the worst out of ChatGPT

Russian hackers are trying to get the worst out of ChatGPT

Russian cybercriminals have been caught trying to circumvent the restrictions on

You May Also Like