
CircleCI says hackers stole encryption keys and customer secrets • TechCrunch

CircleCI, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month.

The company said in a detailed blog post on Friday that it identified the intruder’s first point of access as an employee’s laptop that was compromised with malware, which allowed the theft of session tokens used to keep the employee logged in to certain applications, even though their access was protected with two-factor authentication.

The company took the blame for the compromise, calling it a “system error,” adding that its antivirus software failed to detect token-stealing malware on the employee’s laptop.

Session tokens allow a user to remain logged in without having to re-enter their password or re-authenticate using two-factor authentication each time. But a stolen session token allows an intruder to gain the same access as the account owner without needing the password or two-factor code. As such, it can be difficult to distinguish between a session token used by the account owner and one used by a hacker who stole it.

CircleCI said the theft of the session token allowed cybercriminals to impersonate the employee and gain access to some of the company’s production systems, which store customer data.

“Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens and keys,” said Rob Zuber, the company’s chief technology officer. Zuber said the intruders had access from Dec. 16 to Jan. 4.

Zuber said that while customer data was encrypted, cybercriminals also obtained the encryption keys that could decrypt customer data. “We encourage customers who have not yet taken action to do so to prevent unauthorized access to third-party systems and stores,” Zuber added.

Several customers have already notified CircleCI of unauthorized access to their systems, Zuber said.

The post-mortem comes days after the company warned customers to rotate “all secrets” stored on the platform, fearing hackers had stolen customers’ code and other sensitive secrets used to access other applications and services.

Zuber said CircleCI employees who retain access to production systems “have added additional step-up authentication steps and controls,” which should prevent a repeat incident, likely using hardware security keys.
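The problem described above, a stolen session token being indistinguishable from the owner’s, is what binding tokens to their client and requiring step-up authentication for privileged actions addresses. The following is an added example, not CircleCI’s code: a session store that ties each token to the client context seen at login and demands a fresh second factor before privileged actions such as minting production access tokens. The fingerprint inputs (IP address and User-Agent) and the 300-second freshness window are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Assumption: a second-factor check stays "fresh" for 5 minutes for privileged actions.
STEP_UP_MAX_AGE = 300


@dataclass
class Session:
    user: str
    client_fp: str          # fingerprint of the client the token was issued to
    mfa_verified_at: float  # time the user last completed a second-factor check


def fingerprint(ip: str, user_agent: str) -> str:
    """Bind a session to the client context seen at login (assumed inputs: IP + UA)."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def issue(self, user: str, ip: str, user_agent: str, now: float) -> str:
        """Create a session after password + second factor succeeded at time `now`."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, fingerprint(ip, user_agent), now)
        return token

    def record_step_up(self, token: str, now: float) -> None:
        """Called after the user re-proves the second factor (e.g. hardware key)."""
        self._sessions[token].mfa_verified_at = now

    def authorize(self, token: str, ip: str, user_agent: str,
                  now: float, privileged: bool = False) -> str:
        """Return 'allow', 'step_up' or 'deny' for a request carrying `token`."""
        sess = self._sessions.get(token)
        if sess is None:
            return "deny"
        if sess.client_fp != fingerprint(ip, user_agent):
            # Same token presented from a different client: treat as theft/replay,
            # revoke it so the legitimate owner is forced to log in again too.
            del self._sessions[token]
            return "deny"
        if privileged and now - sess.mfa_verified_at > STEP_UP_MAX_AGE:
            return "step_up"   # stale second factor: re-authenticate before proceeding
        return "allow"
```

The deny-on-mismatch branch is also the signal worth logging: a token arriving from a client other than the one it was issued to is a concrete detection for the scenario in this article.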

The first point of access – token theft on an employee’s laptop – bears some resemblance to how password management giant LastPass was hacked, which also involved an intruder targeting an employee’s device, although it is not known whether the two incidents are tied together. LastPass confirmed in December that its customers’ encrypted password vaults were stolen in a previous breach. LastPass said the attackers initially compromised an employee’s device and account access, allowing them to break into LastPass’ internal developer environment.

Updated header to better reflect the customer data captured.
