Posted on January 15, 2023 at 3:01 PM
CircleCI is a software company popular with software engineers and developers for its products. The company recently confirmed that data belonging to some of its customers was stolen in a data breach that occurred last month.
Owning Up To Mistakes
On Friday, the company published a blog post that went into detail about the entire event. CircleCI explained that it had identified the initial access point of the attack: an employee's laptop that had been compromised by malware. This allowed the malicious actors to steal the employee's session tokens, which are used to keep employees logged in to certain applications. The breach occurred despite the fact that two-factor authentication was active on said employee's laptop.
CircleCI took official responsibility for the security breach. The company declared that the breach was caused by a "systems failure" and explained that the antivirus software it uses had also failed to identify the breach. As a result, the malicious actor went undetected on the employee's laptop.
Details About The Breach
Session tokens allow an employee to stay logged in without having to re-enter a password or repeat two-factor authentication each time. On paper, this keeps a user as safe as possible without burdening them with administrative overhead.
However, should a malicious actor gain access to the tokens, as happened in this case, they can then access some of the company's production systems. A further problem is that it is difficult to determine when a malicious actor, rather than the employee, is using the tokens.
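One common way to approach the problem described above, telling an attacker's use of a stolen session token from the employee's own, is to compare each request's client context with the context that completed two-factor authentication. The following Python example is added here and is not CircleCI's code or tooling; the log format, field names, the `find_suspect_sessions` function and the 10-minute overlap threshold are assumptions, and the sample events are constructed.

```python
import json
from datetime import datetime

# Constructed sample events (not real CircleCI logs), one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2022-12-16T09:00:00+00:00","event":"login_mfa","session":"s-aaa","user":"eng1","ip":"198.51.100.10","ua":"Chrome/108 macOS"}
{"ts":"2022-12-16T09:05:00+00:00","event":"request","session":"s-aaa","user":"eng1","ip":"198.51.100.10","ua":"Chrome/108 macOS"}
{"ts":"2022-12-16T09:06:00+00:00","event":"request","session":"s-aaa","user":"eng1","ip":"203.0.113.77","ua":"python-requests/2.28"}
{"ts":"2022-12-16T09:07:00+00:00","event":"request","session":"s-aaa","user":"eng1","ip":"198.51.100.10","ua":"Chrome/108 macOS"}
{"ts":"2022-12-16T10:00:00+00:00","event":"login_mfa","session":"s-bbb","user":"eng2","ip":"192.0.2.5","ua":"Firefox/107 Linux"}
{"ts":"2022-12-16T18:00:00+00:00","event":"request","session":"s-bbb","user":"eng2","ip":"192.0.2.99","ua":"Firefox/107 Linux"}
"""

def find_suspect_sessions(log_text, overlap_seconds=600):
    """Flag session tokens used from a client context that never passed MFA.

    high: IP and user agent both differ from every MFA-verified context
          while a verified context was active within overlap_seconds.
    low:  anything else unverified (roaming, browser update, stale session).
    """
    verified = {}   # session id -> set of (ip, ua) that completed MFA
    last_seen = {}  # session id -> time of last activity from a verified context
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        ts = datetime.fromisoformat(e["ts"])
        ctx = (e["ip"], e["ua"])
        sid = e["session"]
        if e["event"] == "login_mfa":
            verified.setdefault(sid, set()).add(ctx)
            last_seen[sid] = ts
            continue
        known = verified.get(sid, set())
        if ctx in known:
            last_seen[sid] = ts
            continue
        both_new = all(ctx[0] != k[0] and ctx[1] != k[1] for k in known)
        gap = (ts - last_seen[sid]).total_seconds() if sid in last_seen else None
        recent = gap is not None and gap <= overlap_seconds
        severity = "high" if both_new and recent else "low"
        alerts.append((sid, e["user"], e["ip"], severity))
    return alerts
```

The high-severity case is a token that is live in two unrelated contexts at once, which neither a password check nor two-factor authentication would surface, because the stolen token represents a session that has already passed both.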
According to CircleCI, the systems that the malicious actor managed to access had customer data stored within them. This was possible because the targeted employee had privileges to generate production access tokens. As a result, the third party was able to exfiltrate data from a subset of stores and databases.
Rob Zuber, the Chief Technology Officer of the company, highlighted that the stolen information includes keys, environment variables, and tokens. He also stated that the malicious actors had access to these systems between the 16th of December, 2022 and the 4th of January, 2023.
New Measures In Place
Zuber explained that although the customer data was encrypted, as is the industry standard at this time, the malicious actors managed to ferret out the encryption keys for the data in question. As such, Zuber strongly urges all those affected by the data breach to take action if they haven't already, in order to prevent malicious third-party access to systems and stores.
As it stands now, a number of customers have already notified CircleCI of unauthorized access to their respective systems.
The official statement came a few days after the company gave an official warning to its customers. This warning urged customers to immediately rotate "any and all" confidential data stored within its platform. CircleCI had feared that the malicious actors had stolen its customers' code, as well as sensitive secrets used within various other services and applications.
As always, prevention is the best medicine. Zuber highlighted that employees who still retain access to the systems are now working under more stringent controls, with additional authentication steps that the company says should help prevent another such incident from occurring. One of the more likely candidates for what these measures entail could be the use of hardware security keys.
A Constant Struggle
As the world becomes more and more digital, it's expected that big fish like CircleCI will be targeted more often. This isn't the company's first data breach, with one happening in 2019. Another key detail is that the company stated there had been a significant uptick in phishing attempts against its customers.
This was said back in November of 2022, with the main trend being phishing attacks in which malicious actors impersonated CircleCI employees to gain unlawful access to customer systems and information. The company urged all of its readers to stay vigilant against such attempts and to always be careful.
Within the technology space, the larger you are, the bigger the target you have on your back. It's an endless war between the innovations of malicious actors and those of security experts, one that won't end anytime soon.