CircleCI Data Breach

0 records exposed • December 2022

A CircleCI employee's laptop was infected with malware that stole their login session. The attackers then accessed secrets that customers stored in CircleCI for building software.

What Happened

An employee's laptop was infected with malware that stole session tokens, which let the attackers bypass MFA. The attackers accessed customer environment variables, secrets, and API tokens stored in CircleCI.

Attack method: Compromised employee credentials via malware

What Data Was Exposed

Customer secrets, API tokens, environment variables

What to Do If You're Affected

  1. Rotate all secrets stored in CircleCI immediately
  2. Review CI/CD logs for unauthorized access
  3. Audit OAuth tokens granted to CircleCI

Lessons for Businesses

  • Session token theft can bypass MFA
  • CI/CD platforms are high-value targets
  • Customer secrets in third parties must be rotated after incidents

Related Breaches

Slack 2022, GitHub 2022