CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it to impersonate the employee in a remote location. “Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a … More →

The post …

2fa access access tokens account hijacking attackers breach circleci circleci breach continuous continuous integration cookie data breach data theft delivery devops don't miss employee engineer integration laptop location malware party platform privileges pulled session sso stealing third tokens