"CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop"

Continuous integration and delivery platform CircleCI has confirmed that the data breach it disclosed on January 04, 2023, was caused by an infostealer deployed on an employee's laptop. The company said it learned that an unauthorized third party leveraged malware on a CircleCI engineer's laptop to steal a valid, 2FA-backed SSO session. The machine was compromised on December 16, 2022. According to Rob Zuber, CircleCI's chief technology officer (CTO), the antivirus program did not detect the malware. Zuber noted that the investigation indicates the malware performed session cookie theft, enabling the attacker to impersonate the targeted employee from a remote location and then escalate access to a subset of CircleCI's production systems. Because the targeted employee had privileges to generate production access tokens, the attacker was potentially able to access and steal data from a subset of databases and stores. Although all of the exfiltrated data was encrypted at rest, the third party extracted encryption keys from a running process, potentially allowing them to decrypt it. Despite the breach and the ongoing investigation, the CTO said that customers can now return to building safely on the CircleCI platform.
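The attack chain above hinges on a stolen session cookie being replayed from a machine other than the one it was issued to, which 2FA at login time does not stop. The following detector, added here as an illustration and not code from CircleCI or from the Infosecurity article, binds each session to the source IP and user agent seen at login and flags later requests where either changes, raising severity when the drifted session performs a privileged action such as creating an access token. The log format, field names, session IDs, IP addresses and timestamps are all constructed for the example.

```python
"""Flag web sessions that are reused from a different network or client than the
one they were issued to: the signature of a replayed (stolen) session cookie.
Constructed example: log format, field names and values are assumptions."""
import shlex
from dataclasses import dataclass
from typing import Dict, List

# Events that mint or expose credentials; drift on these is treated as high severity.
# The event names are assumptions for this example.
SENSITIVE_EVENTS = {"token_create", "secret_read"}

# Constructed sample log: one session logs in from a laptop, then the same session
# id reappears from another address with a scripted client and mints a token.
SAMPLE_LOG = [
    '2023-01-01T09:00:00Z sess=s-7f3a event=login ip=203.0.113.10 ua="Mozilla/5.0 (Macintosh)"',
    '2023-01-01T09:05:00Z sess=s-7f3a event=api ip=203.0.113.10 ua="Mozilla/5.0 (Macintosh)"',
    '2023-01-01T11:00:00Z sess=s-7f3a event=api ip=198.51.100.77 ua="python-requests/2.28"',
    '2023-01-01T11:01:00Z sess=s-7f3a event=token_create ip=198.51.100.77 ua="python-requests/2.28"',
    '2023-01-01T11:30:00Z sess=s-c041 event=login ip=203.0.113.22 ua="Mozilla/5.0 (Windows)"',
]


@dataclass
class SessionBinding:
    """Source attributes recorded when a session was established."""
    ip: str
    ua: str


@dataclass
class Finding:
    session: str
    ts: str
    reason: str
    severity: str


def parse_line(line: str) -> Dict[str, str]:
    """Parse '<ts> key=value ...' where values may be double-quoted (shlex handles quotes)."""
    tokens = shlex.split(line)
    rec = {"ts": tokens[0]}
    for tok in tokens[1:]:
        key, _, value = tok.partition("=")
        rec[key] = value
    return rec


def detect_session_drift(lines: List[str]) -> List[Finding]:
    """Bind each session to the ip/ua seen at login (or first sight) and report
    later requests where either attribute differs."""
    bindings: Dict[str, SessionBinding] = {}
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        sid = rec["sess"]
        # A fresh login re-binds the session; an unseen session is bound on first sight.
        if rec["event"] == "login" or sid not in bindings:
            bindings[sid] = SessionBinding(rec["ip"], rec["ua"])
            continue
        bound = bindings[sid]
        drift = []
        if rec["ip"] != bound.ip:
            drift.append(f"ip {bound.ip}->{rec['ip']}")
        if rec["ua"] != bound.ua:
            drift.append(f"ua {bound.ua!r}->{rec['ua']!r}")
        if not drift:
            continue
        severity = "high" if rec["event"] in SENSITIVE_EVENTS else "medium"
        findings.append(Finding(sid, rec["ts"], "; ".join(drift), severity))
    return findings


if __name__ == "__main__":
    for f in detect_session_drift(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} session {f.session}: {f.reason}")
```

Binding on exact IP is deliberately strict and will produce noise for mobile or VPN users; in production the usual compromise is to bind to an ASN or /24 and to the TLS or device fingerprint instead, and to require step-up authentication (rather than just an alert) before any token-minting action from a drifted session.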


Infosecurity reports: "CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop"

Submitted by Anonymous on