CircleCI, a Continuous Integration and Continuous Delivery Platform, Put at Risk

Prominent integrator compromised:

Just before the New Year began, CircleCI, one of the world’s leading continuous integration and automation software platforms, was compromised. It disclosed that unidentified threat actors had gained access to an employee’s laptop, leveraged malware to steal two-factor authentication credentials, and breached the company’s systems at the end of December 2022.

Unidentified threat actor gains access to secure items:

The security lapse allowed abuse of elevated permissions, and the access gained included customer variables, tokens, and keys.

Upon discovery of the compromised OAuth software, CircleCI proactively took steps to rotate all of its passwords and tokens, and notified customers of potentially affected AWS tokens. Overall, the company dealt with the issue with haste and transparency, understanding that when something like this does occur, taking the proper steps to address and communicate the issue helps maintain trust.

The CircleCI incident is an important illustration of how a security breakdown could happen to almost anyone, and of why a system of checks and balances in IT security is necessary when these events do occur.

What can you do if this type of event occurs to you?

CircleCI has since put in more authentication guardrails and suggests you continually maintain your security updates and protocols.

If you want to ensure you have systems in place in case something like this does occur, Britec can help! Contact us today.