BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • CircleCI says hackers stole encryption keys and customers’ secrets


    CircleCI, a software company whose products are popular with developers and software engineers, has confirmed that some of its customers' data was stolen in a dark web leak last month.

    The company said it had identified an intruder's access point to the system. It was a laptop of one of the employees, which was compromised by malware. This is how the attackers were able to obtain the session tokens used to keep the employee in the system.

    The company took the blame for the compromise, calling it a "system failure." CircleCI also added that its antivirus software was unable to detect token-stealing malware on an employee's laptop.

    Session tokens allow the user to stay logged in without having to enter a password each time or re-authorize using two-factor authentication. A stolen session token allows an attacker to gain exactly the same access. Thus, it is rather difficult to distinguish between the session tokens of the account owner and the hacker who has gained access inappropriately.

    Session token theft allows cybercriminals to impersonate company employees and gain access to some production systems that store customer data.

    “Because this employee had the authority to independently generate production access tokens, an unauthorized third party was able to gain the same authority and retrieve data from multiple databases and repositories, including customer environment variables, tokens, and keys,” said Rob Zuber, CTO of CircleCI.

    He also said that the attackers had access to the system from December 16 to January 4. Zuber noted that while customer data was encrypted, the attack also provided the cybercriminals with encryption keys capable of decoding the data.

    “We encourage customers who have not yet taken any action to do so as a matter of urgency to prevent unauthorized access,” Zuber added.

    According to Zuber, several customers have already reported unauthorized access to their systems to CircleCI.

    The leak analysis was completed days after the company warned customers to change "all sensitive data" stored on the platform.

    Zuber said CircleCI made the authentication process more difficult. This should prevent a recurrence of the incident.

    The method used by the attackers, stealing a token from an employee's laptop, bears some resemblance to the method by which the LastPass password manager was recently hacked. There, access was also obtained through the device of one of the employees: the attackers compromised the device and gained access to the account, which allowed them to penetrate the internal development environment of the service. It is not known for certain if the two incidents are related.

    Author DeepWeb
    The best marijuana strains of 2022
    Infected VPN clients distribute spyware

    Comments 0

    Add comment