On January 4, CircleCI advised software developers who use its platform to rotate their secrets and API tokens. In a post-mortem on the breach, published on January 13, the company offered a detailed description of the events that led to the attack.

CircleCI stated that it first became aware of the attack on December 29 when one of its customers reported “suspicious GitHub OAuth activity”.

An investigation was launched, involving CircleCI’s security team and GitHub. It revealed that an unauthorized third party had used malware deployed to an engineer’s laptop to steal a valid, 2FA-backed SSO session on or around December 16; because the session had already passed the second factor, the stolen cookie gave the attacker access without triggering 2FA again.

As a result of the attack, CircleCI has restricted employee access to its production systems, rebuilt its production environment with clean hosts, revoked project API tokens, and rotated Bitbucket and GitHub OAuth tokens.

Author

Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape.