CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it to impersonate the employee in a remote location. “Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a … More

The post CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie appeared first on Help Net Security.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter