CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session

Hackers breached CircleCI in December after an engineer became infected with information-stealing malware that stole their 2FA-backed SSO session cookie, allowing access to the company’s internal systems.

Earlier this month, CircleCI disclosed that it had suffered a security incident and warned customers to rotate their tokens and secrets.

In a new security incident report on the attack, CircleCI says they first learned of the unauthorized access to their systems after a customer reported that their GitHub OAuth token had been compromised.

Source: Bleeping Computer