CircleCI says hackers stole encryption keys and customers’ source code • TechCrunch

by admin
January 15, 2023

CircleCI, a software company popular with developers and software engineers, has confirmed that some customer data was stolen in a data breach last month.

The company said in a detailed blog post on Friday that it had identified the intruder's initial point of access as an employee's laptop infected with malware. The malware allowed the theft of a session token used to keep the employee logged in to certain applications, even though access was protected by two-factor authentication.

The company took responsibility for the breach, calling it a “system failure,” and added that its antivirus software failed to detect the token-stealing malware on the employee's laptop.

Session tokens allow users to stay logged in without having to re-enter their password or re-authorize with two-factor authentication each time. But a stolen session token gives an intruder the same access as the account owner without needing a password or two-factor code. As a result, it can be difficult to distinguish between a session token used by the account owner and the same token used by a hacker who stole it.
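One signal defenders use to tell the two apart, shown as an added example that is not from the article or from CircleCI: compare the client context each request presents with the context recorded when the token was issued after two-factor login. The log records, field names and the /24 tolerance are constructed assumptions.

```python
"""Flag session-token use from a client that differs from the one that logged in.
All records and field names below are constructed for illustration."""
import hashlib
import ipaddress

# Constructed events: (timestamp, session_token, source_ip, user_agent, event)
EVENTS = [
    ("2023-01-10T09:00:00Z", "tok-A", "198.51.100.10", "Mozilla/5.0 (Macintosh) Chrome/108", "login_2fa"),
    ("2023-01-10T09:05:00Z", "tok-A", "198.51.100.23", "Mozilla/5.0 (Macintosh) Chrome/108", "request"),
    ("2023-01-10T09:10:00Z", "tok-B", "192.0.2.5", "Mozilla/5.0 (X11) Firefox/108", "login_2fa"),
    ("2023-01-10T09:40:00Z", "tok-B", "192.0.2.200", "Mozilla/5.0 (X11) Firefox/108", "request"),
    ("2023-01-10T11:30:00Z", "tok-A", "203.0.113.77", "python-requests/2.28", "request"),
]


def client_context(ip, user_agent, prefix=24):
    """Coarse fingerprint: source network plus user agent (tolerates DHCP churn)."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net), user_agent)


def token_id(token):
    """Hash the token so the alert itself never carries a usable credential."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def find_suspicious_reuse(events):
    """Return (timestamp, token_id, reason) for requests that break the login context."""
    baseline = {}  # token -> context observed at the two-factor login
    alerts = []
    for ts, token, ip, ua, kind in sorted(events):  # ISO timestamps sort in time order
        ctx = client_context(ip, ua)
        if kind == "login_2fa":
            baseline[token] = ctx
        elif token not in baseline:
            alerts.append((ts, token_id(token), "token with no recorded login"))
        elif ctx != baseline[token]:
            alerts.append((ts, token_id(token), f"context changed to {ctx}"))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_reuse(EVENTS):
        print(alert)
```

An alert of this kind is a reason to revoke the session and require fresh authentication, not proof of theft on its own, since legitimate users also change networks.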

CircleCI says the theft of the session token allowed the cybercriminals to impersonate the employee and gain access to some of the company's production systems, which store customer data.

“Because the targeted employee had the power to generate production access tokens as part of his normal job duties, an unauthorized third party could access a subset of our databases and stores, potentially harming our customers. We were able to exfiltrate data such as environment variables, tokens and keys,” said Rob Zuber, the company’s chief technology officer. Zuber said the intruder had access from December 16th until January 4th.

Zuber said the customer data was encrypted, but the cybercriminals also obtained encryption keys that could decrypt the customer data. “We encourage customers who have not yet taken action to prevent unauthorized access to third-party systems and stores,” Zuber added.

Several customers have already reported unauthorized access to their systems to CircleCI, Zuber said.

The postmortem analysis comes a few days after the company warned customers to rotate “all kinds of secrets,” fearing that hackers had stolen its customers' source code and other sensitive information used to access other applications and services.

Zuber said CircleCI employees who retain access to production systems have “added additional step-up authentication procedures and controls,” using hardware security keys.

The initial point of access, the theft of a token from an employee's laptop, resembles how password manager giant LastPass was hacked, which also involved an intruder targeting an employee's device, though it is unclear whether the two incidents are related. LastPass announced in December that customers' encrypted password vaults were stolen in an earlier breach. LastPass said the intruders had first compromised an employee's device and account, which allowed them to infiltrate LastPass' internal developer environment.
