CircleCi reveals cyber security incident

CircleCi, a provider of integration platform to developers and software engineers, has confirmed a cyber security incident.
IT network security issuesCircleCi informed that hackers have stolen data of some customers in a data breach last month. Its website says CircleCi’s integration platform is preferred by over 1 million engineers.

Though the employee’s access was secured with two-factor authentication, CircleCi said the intruder gained access through a laptop that was infected with malware, reports TechCrunch.

This vulnerable system allowed the theft of session tokens, which were used to keep the employee logged in to specific applications.

CircleCi accepted responsibility for the breach, saying it was a systems failure. CircleCi said its antivirus software failed to find the malware on the employee’s laptop that was stealing tokens. CircleCi did not reveal the name of its cyber security partners.

CircleCi said the theft of the session token allowed the hackers to use the employee’s identity to access some of the company’s production systems, which include customer data.

“Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and filtrate data from a subset of databases and stores, including customer environment variables, tokens and keys,” said Rob Zuber, chief technology officer of CircleCi, blog post.

“We encourage customers who have yet to take action to do so in order to prevent unauthorized access to third-party systems and stores.”

He said that the hackers had access from December 16 through January 4.

Several customers have already informed the company of unauthorized access to their systems.

“We will initiate periodic automatic OAuth token rotation for all customers. Our plans also include a shift from OAuth to GitHub apps, enabling us to enforce more granular permissions within tokens. We also plan to complete a comprehensive analysis of all of our tooling configurations, including a third-party review,” Rob Zuber said.