CircleCi, a software company whose products are popular with developers and software engineers, has confirmed that some of its customers’ data was stolen in a data breach last month.
The company said in a detailed blog post on Friday that it identified the intruder’s first point of entry as an employee’s laptop that was infected with malware, allowing the theft of session tokens used to keep employees logged in to certain applications, even when logging in is protected by two-factor authentication.
The company took the blame for the compromise, calling it a “system failure,” adding that its antivirus software missed the token-stealing malware on the employee’s laptop.
Session tokens allow users to stay logged in without having to repeatedly enter a password or re-authorize using two-factor authentication each time. But a stolen session token allows a thief to gain the same access as the account owner without needing the password or two-factor code. It can therefore be difficult to distinguish between a session token used by the account owner and one used by a hacker who stole it.
CircleCi said that the theft of the session tokens allowed the cybercriminals to impersonate the employee and gain access to some of the company’s production systems, which store customer data.
“Because the targeted employee had the privilege of generating a production access token as part of the employee’s legal duties, an unauthorized third party was able to access and extract data from a portion of the data and marketing, including changes in the consumer environment, brand and key,” said Rob Zuber, the company’s chief technology officer. Zuber said the hackers had access from Dec. 16 to Jan. 4.
Zuber said that while customer data was encrypted, cybercriminals also obtained the encryption keys. “We encourage customers who have not already taken steps to do so to prevent unauthorized access to third-party systems and stores,” Zuber added.
Several customers have notified CircleCi of unauthorized access to their systems, Zuber said.
The investigation comes days after the company warned customers to rotate “all confidential information” stored on its platform, fearing that hackers had stolen its customers’ code and other sensitive information used to access other applications and services.
Zuber said that CircleCi employees who maintain access to the production system “added additional confirmation steps and controls,” which should prevent repeated incidents, likely through the use of hardware security keys.
The first point of entry — stealing credentials from an employee’s laptop — is similar to the hack of password manager giant LastPass, which also involved attackers targeting an employee’s device, though it is not known whether the two cases are related. LastPass confirmed in December that its customers’ secret passwords had been stolen in a previous breach. LastPass said the attackers compromised an employee’s device and account access, allowing them to gain access to LastPass’s internal developer environment.
Updated headline to better reflect the customer data that was taken.