The 24 Hours
CircleCI says hackers stole encryption keys and customers’ source code • TechCrunch

By admin
January 15, 2023
in Technology
CircleCI, a software company popular with developers and software engineers, has confirmed that some customer data was stolen in a data breach last month.

The company said in a detailed blog post on Friday that it had identified the intruder’s initial point of access as an employee’s laptop that was infected with malware. The malware allowed the theft of session tokens used to keep the employee logged in to certain applications, even though access was protected by two-factor authentication.

The company took responsibility for the breach, calling it a “system failure,” adding that antivirus software failed to detect token-stealing malware on employee laptops.

Session tokens allow users to stay logged in without having to re-enter their password or re-authorize with two-factor authentication each time. But a stolen session token gives an intruder the same access as the account owner without needing the password or two-factor code. As a result, it can be difficult to distinguish between a session token used by the account owner and the same token used by a hacker who stole it.
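One signal a service can use to tell the two apart is a change in client context after the two-factor login. The sketch below is an added example, not code from CircleCI or the original article; the event format, field names, session ids and the /24 grouping are assumptions, and the sample log lines are constructed.

```python
import ipaddress
from collections import namedtuple

Event = namedtuple("Event", "ts session_id kind ip user_agent")

# Constructed sample events (documentation IP ranges, made-up session ids).
SAMPLE_EVENTS = [
    Event("2023-01-02T09:00:00Z", "sess-a1", "login_mfa", "192.0.2.10", "Mozilla/5.0 (Macintosh) Chrome/108"),
    Event("2023-01-02T09:05:00Z", "sess-a1", "request", "192.0.2.44", "Mozilla/5.0 (Macintosh) Chrome/108"),
    Event("2023-01-02T09:30:00Z", "sess-a1", "request", "203.0.113.7", "python-requests/2.28"),
    Event("2023-01-02T10:00:00Z", "sess-b2", "login_mfa", "198.51.100.5", "Mozilla/5.0 (X11) Firefox/108"),
    Event("2023-01-02T10:20:00Z", "sess-b2", "request", "198.51.100.9", "Mozilla/5.0 (X11) Firefox/108"),
]

def client_context(ip, user_agent, prefix=24):
    """Coarse fingerprint: the /24 network the client sits in plus its user agent."""
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(network), user_agent)

def find_context_changes(events):
    """Return (session_id, timestamp, reason) for every request that presents
    a session token from a context other than the one recorded at MFA login."""
    issued_to = {}   # session_id -> context recorded at login
    findings = []
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e.ts):
        ctx = client_context(ev.ip, ev.user_agent)
        if ev.kind == "login_mfa":
            issued_to[ev.session_id] = ctx
        elif ev.session_id not in issued_to:
            findings.append((ev.session_id, ev.ts, "token with no recorded login"))
        elif ctx != issued_to[ev.session_id]:
            findings.append((ev.session_id, ev.ts, "context differs from login"))
    return findings

if __name__ == "__main__":
    for finding in find_context_changes(SAMPLE_EVENTS):
        print(finding)
```

A finding like this is a prompt to force re-authentication or revoke the session, not proof of theft: legitimate users change networks, and a token replayed from the owner's own machine would not trigger it.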

CircleCI says the theft of session tokens allowed cybercriminals to impersonate its employees and gain access to some of the company’s production systems that store customer data.

“Because the targeted employee had the power to generate production access tokens as part of his normal job duties, an unauthorized third party could access a subset of our databases and stores, potentially harming our customers. We were able to exfiltrate data such as environment variables, tokens and keys,” said Rob Zuber, the company’s chief technology officer. Zuber said the intruder had access from December 16th until January 4th.

Zuber said the customer data was encrypted, but the cybercriminals also obtained encryption keys that could decrypt the customer data. “We encourage customers who have not yet taken action to prevent unauthorized access to third-party systems and stores,” Zuber added.

Several customers have already reported unauthorized access to their systems to CircleCI, Zuber said.

The post-mortem comes a few days after the company warned customers to rotate “all kinds of secrets,” fearing that hackers had stolen its customers’ source code and other sensitive information used to access other applications and services.

Zuber said CircleCI employees who retain access to production systems have “added additional step-up authentication procedures and controls,” using hardware security keys.

The initial point of access, the theft of tokens from an employee’s laptop, is similar to how password manager giant LastPass was hacked, which also involved an intruder targeting an employee’s device, though it is unclear whether the two incidents are related. LastPass announced in December that its customers’ encrypted password vaults were stolen in an earlier breach. LastPass said the intruders had first compromised an employee’s device and account access, allowing them to infiltrate LastPass’ internal developer environment.
