Jan 17, 2023 - Technology

What to know about CircleCI's recent cybersecurity incident

Illustration: Aïda Amer/Axios

CircleCI, a company that develops testing and deployment tools for software engineers, has shared more details about how hackers broke into its systems last month and compromised customer data.

Driving the news: In a blog post published Friday, CircleCI chief technology officer Rob Zuber said hackers gained access to its networks after infecting an employee's laptop with malware.

How it happened: CircleCI believes the hacker compromised a company engineer's computer on Dec. 16 and went undetected by the company's antivirus software.

  • A few days later, the hacker was able to use the engineer's advanced network access to exfiltrate data about customers and steal the multifactor authentication session tokens used to keep employees logged in to various applications.
  • CircleCI wasn't able to shut down access for the compromised employee until weeks later, on Jan. 4.

Between the lines: CircleCI's ongoing security incident has caused a stir within software and engineering communities, seeing as its tools have access to customers' GitHub accounts.

  • Engineers use CircleCI to build, test and deploy new applications.
  • So far, fewer than five customers have notified CircleCI of any unauthorized access to their systems due to the hack, according to the blog post.

The big picture: The attack adds to a growing number of incidents where hackers are bypassing companies' multifactor authentication protocols.

  • However, CircleCI's incident was a slightly more advanced version of what companies like Uber and Okta have faced in the last year.

Threat level: Zuber said the hacker also obtained the encryption keys needed to decrypt customer data — adding more urgency for customers to "take action" to "prevent unauthorized access to third-party systems and stores."

What they're saying: "While one employee’s laptop was exploited through this sophisticated attack, a security incident is a systems failure," Zuber said in the blog post.
