CircleCI recently disclosed a December 2022 incident in which customer data was misappropriated. Attackers misused session tokens to steal encryption keys and other sensitive information.

In a blog post, CTO Rob Zuber shed light on the breach. Cybercriminals had access to customer data until January 4 of this year.

Infected laptop

The incident was caused by a malware attack on an employee laptop. The malware slipped by CircleCI’s antivirus systems and allowed cybercriminals to access application session tokens used to authorize employees.

With the stolen session tokens, the cybercriminals subsequently accessed internal applications without having to pass two-factor authentication. The incident involved production systems hosting customer data, which made it possible to steal data from a subset of databases and storage locations, including tokens and encryption keys.

Changing credentials

According to CircleCI, the leak has since been plugged. Customers were urged to change passwords and other login credentials as soon as possible, including personal and project-based API tokens, Bitbucket OAuth and GitHub OAuth tokens.
